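Authors: JIN Xiaoqi (靳晓琪); LU Jinqi (卢金奇); LI Lincheng (李林城) (EHV Power Transmission Company of China Southern Power Grid, Guangzhou 510000, China)
Affiliation: [1] EHV Power Transmission Company, China Southern Power Grid Co., Ltd., Guangzhou, Guangdong 510000
Source: Electronic Design Engineering (《电子设计工程》), 2021, No. 18, pp. 152-156, 5 pages in total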
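Abstract: To address the high missed-detection rate and delayed detection of traditional detection and filtering techniques, a network anomaly detection and intrusion prevention system based on information entropy is proposed. A host detector is deployed on the Linux operating system to collect the relevant data and pass it to the analysis module; a policy management center is deployed to make the corresponding decisions according to instructions. Relying on a Web server, the system listens on a TCP port and sends feedback information. Using entropy theory, the entropy calculation formula is derived, network anomalies are analyzed, the entropy estimate is calculated, the value range of the entropy threshold is determined, and network traffic is partitioned, which yields the intrusion detection flow. Experimental results show that the system's detection rate reaches a maximum of 97% and its missed-detection rate a maximum of 9%, and that it can detect network anomalies in time and take the corresponding defensive action.

Abstract (English, as published): In the face of the problem that the traditional decoy technology and filtering technology fail to detect timely due to the high rate of missing report, the design of network anomaly detection and intrusion prevention system is proposed based on information entropy. The host detector is deployed on the Linux operating system to collect the relevant data and pass it to the analysis module. The deployment strategy management center makes corresponding decisions according to the instructions. It relies on the Web server, monitors the TCP port, and sends feedback information. Combined with the entropy theory, it deduces the entropy calculation formula, analyzes the network abnormal conditions, calculates the entropy estimation, determines the entropy threshold value range, and delimits the entropy threshold value range. The network traffic is separated out to detect the intrusion process. The experimental results show that the detection rate of the system is 97% and the false alarm rate is 9%. The system can detect the network abnormal situation in time and make corresponding defense behavior.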
Classification number: TN21 [Electronics and Telecommunications - Physical Electronics]