Source: Journal of Computer Applications (《计算机应用》), 2013, No. 10, pp. 2842-2845 (4 pages)
Funding: National Natural Science Foundation of China (61173159)
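Abstract: The system applies artificial immune theory. It analyzes the real-time detection results of the traditional intrusion detection system Snort and, based on the way antibody concentration changes dynamically with network intrusion intensity, calculates the current network risk value, which reflects the various attacks the network currently faces and its overall risk status. Snort relies on rule matching to inspect packets; because the detection process does not consider the current network risk status, it raises an alert for every match, which leads to an excessively high false positive rate. The system sets an alarm threshold and a packet-drop threshold according to how dangerous each type of attack is, reducing Snort's false positive rate, and, depending on the risk value, takes response measures such as pass, alarm, or dropping packets to block traffic. Experiments show that the system can accurately calculate the real-time risk faced by hosts and the network, reduce Snort's false positive rate, and formulate effective response measures according to the risk value.
English abstract: The system adopted artificial immune theory. Through analyzing the detection results of the traditional real-time intrusion detection system Snort, and according to the characteristic that antibody concentration dynamically changes with the network intrusion intensity, the current risk value of the network was calculated to reflect all kinds of attacks and the overall risk profile. Snort relies on rule matching to detect data packets. The detection process does not take into account the current network risk, resulting in the problem of a high false positive rate. This system set a pass threshold and a dropped threshold based on different degrees of attack danger to reduce the false alarm rate of Snort, and took "pass, alarm, discard packet, etc." as response measures according to the risk value. The experimental results show that the system can calculate the real-time risk faced by the host and network accurately, reduce the false positive rate and take response measures according to the risk value effectively.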
Keywords: antibody concentration; risk control; artificial immunity; SNORT; network security risk value
Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]