基于误用和异常技术相结合的入侵检测系统的设计与研究

田俊峰; 张喆; 赵卫东

基于误用和异常技术相结合的入侵检测系统的设计与研究

计量
- 文章访问数: 3619
- HTML全文浏览量: 136
- PDF下载量: 1420
- 被引次数: 0
出版历程
- 收稿日期: 2005-03-08
- 修回日期: 2005-09-26
- 刊出日期: 2006-11-19

The Design and Research of Intrusion Detection System Based on Misuse and Anomaly

摘要

摘要: 目前，入侵检测系统(IDS) 的漏报率和误报率高一直是困扰IDS用户的主要问题，而入侵检测系统主要有误用型和异常型两种检测技术，根据这两种检测技术各自的优点，以及它们的互补性，将两种检测技术结合起来的方案越来越多地应用于IDS中。该文提出了基于统计的异常检测技术和基于模式匹配的误用检测技术相结合的IDS模型，减少了单纯使用某种入侵检测技术时的漏报率和误报率，从而提高系统的安全性。
- 入侵检测系统; 异常检测; 误用检测; 模式匹配; 统计分析
Abstract: Currently, the false positive and the false negative of Intrusion Detection System are very high. It was always the main problem that bothered the user of IDS. But there are tow main technologies applied in IDS. To this problem, because both the technologies have its own advantages and they can supply for each other. So IDS combined with the tow technologies was used more and more widely. This paper presented a model of IDS based on combination of misuse detection and anomaly detection. In this model, misuse detection is based on pattern matching and Anomaly Detection is based on statistical analysis. It combined the tow technologies to reduce the false positive rate and the false negative rate in only one detection technology, and then to improve security of IDS.

HTML全文

参考文献(1)

赵小林, 彭祖林, 王亚彬. 网络安全技术教程. 北京: 国防工业出版社, 2002-1, 245－245.[2]蒋建春, 马恒太, 任党恩, 等. 网络安全入侵检测: 研究综述. 软件学报, 2000, 11(11): 1460－1466.[3]Fumio Mizoguchi. Anomaly Detection Using Visualization and Machine Learning. IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. Gaithersburg, Maryland: March 14-16, 2000: 165－170.[4]Shan Zheng, Chen Peng, Xu Ke, et al.. A Network State Based Intrusion Detection Model. 2001 International Conference on Computer Networks and Mobile Computing. Beijing, CHINA: October 16 -19, 2001: 481－486.[5]蒋建春, 冯登国. 网络入侵检测原理与技术. 北京: 国防工业出版社, 2001-7, 39－39.[6]李小秋, 孙学涛, 谢余强, 等. 入侵检测系统中的快速多模式匹配算法. 计算机应用与软件, 2004-02, 21(2): 84－86.[7]Koral Ilgun, Richard A.Kemmerer, Phillip A.Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Trans. on Software Engineering, 1995-3, 21(3): 181－199.[8]Nittida Nuansri, Samar Singh, Tharam S.Dillon. A Process State-Transition Analysis and its Application to Intrusion Detection. 15th Annual Computer Security Applications Conference. Phoenix, Arizona：December 06-10, 1999: 378－387.[9]Nong Ye, Syed Masum Emran, Xiangyang Li, et al.. Statistical Process Control for Computer Intrusion Detection[J].DARPA Information Survivability Conference Exposition Anaheim, California: June 12-1.2001, 1(1):3-

施引文献

资源附件(0)

访问统计