Affiliation: [1] School of Computer Science, National University of Defense Technology, Changsha, Hunan 410073
Source: Computer Applications and Software, 2011, No. 9, pp. 52-55, 59 (5 pages)
Funding: National High Technology Research and Development Program project (2009AA01Z101); NSFC Key Project (90718040)
Abstract: Intrusion detection techniques are usually divided into two classes, misuse detection and anomaly detection. Misuse detection recognizes known attacks by matching them against an attack-pattern library, but has difficulty guarding against unknown attacks; anomaly detection can predict potential attacks whose behaviour deviates from the normal threshold interval, but suffers from a high false-alarm rate. This paper performs out-of-band monitoring of the guest operating system's run-time behaviour from within the virtual machine monitor, which avoids the problem of an in-guest monitoring module being infected by malware. By observing the virtual machine's run-time behaviour and analysing the legality of its combined call sequences, the method extends the ability of misuse detection to guard against attacks spread over long periods of time and identifies malicious attacks carried out through legitimate system calls. Test data show that the technique detects complex combined attacks well.
Classification: TP309 [Automation and Computer Technology / Computer System Architecture]
Yunnan University Library Alliance Document Sharing Service Platform. All rights reserved ©