Abstract
A mainstream approach to intrusion detection runs two functionally similar programs on the same input and compares their outputs: a difference between the outputs is taken as evidence that one of the programs has been compromised by malicious software. When such a detector is built from off-the-shelf software products, the chosen programs are assumed to be sufficiently diverse that the same attack cannot compromise both of them at once. This paper evaluates the validity of that assumption through a systematic analysis of more than 6000 software vulnerabilities published during 2007. The results show that over 98% of functionally equivalent applications can be used to build intrusion detection systems of this kind effectively, and that nearly half of those applications can be run simultaneously on several operating system platforms to improve system security further.
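The detection scheme described in the abstract, as an added example written for this page (it is not code from the paper): two constructed, independently written parsers for the same small key=value header format act as the replicas, a simple behavioural distance (the number of key/value pairs on which the two outputs disagree, an assumption of this example rather than the paper's definition) is computed over their outputs, and any distance above the threshold is reported. Both replicas call a shared helper `_decode` that carries a constructed NUL-truncation fault; a second, constructed bounds fault lives in `replica_b` only. The sample inputs are constructed as well.

```python
"""Output-comparison intrusion detection over functionally equivalent replicas.

Example written for this page, not from the paper. Two constructed parsers for
the same key=value format are fed identical input; a behavioural distance above
the threshold between their outputs is reported as a suspected compromise.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Output = Dict[str, str]
Replica = Callable[[bytes], Output]


def _decode(raw: bytes) -> str:
    """Helper shared by BOTH replicas (constructed common-mode fault).

    Emulates C-string handling: everything from the first NUL byte on is
    dropped, so an input exploiting this shifts both outputs the same way.
    """
    return raw.split(b"\x00", 1)[0].decode("utf-8", "replace")


def replica_a(data: bytes) -> Output:
    """Replica A: line-oriented, splits each line on the first '='."""
    out: Output = {}
    for line in data.split(b"\n"):
        if b"=" not in line:
            continue
        key, value = line.split(b"=", 1)
        key, value = key.strip(), value.strip()
        if not key:
            continue
        out[_decode(key)] = _decode(value)
    return out


_LINE_RE = re.compile(rb"^[ \t]*([^=\n]+?)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)


def replica_b(data: bytes) -> Output:
    """Replica B: regex-based, written independently of A.

    Constructed fault specific to this replica: values longer than 64 bytes
    are silently truncated, standing in for a bounds bug triggered here only.
    """
    out: Output = {}
    for match in _LINE_RE.finditer(data):
        out[_decode(match.group(1))] = _decode(match.group(2)[:64])
    return out


def behavioural_distance(a: Output, b: Output) -> int:
    """Assumed distance: number of (key, value) pairs found in only one output."""
    return len(set(a.items()) ^ set(b.items()))


@dataclass
class Alert:
    distance: int
    outputs: List[Output]


class DivergenceDetector:
    """Feeds one input to every replica and alerts when any pair diverges."""

    def __init__(self, replicas: List[Replica], threshold: int = 0) -> None:
        if len(replicas) < 2:
            raise ValueError("need at least two replicas to compare")
        self.replicas = replicas
        self.threshold = threshold

    def check(self, data: bytes) -> Optional[Alert]:
        outputs = [replica(data) for replica in self.replicas]
        worst = max(behavioural_distance(x, y)
                    for i, x in enumerate(outputs) for y in outputs[i + 1:])
        return Alert(worst, outputs) if worst > self.threshold else None


# Constructed sample inputs.
BENIGN = b"user=alice\nrole=user\n"
# Triggers the bounds fault in replica B only: outputs diverge, alert raised.
SINGLE_REPLICA_ATTACK = b"user=alice\nrole=" + b"x" * 70 + b"\n"
# Triggers the NUL-truncation fault shared by both replicas: both yield
# role="admin", the outputs agree, and the detector stays silent.
COMMON_MODE_ATTACK = b"user=alice\nrole=admin\x00user\n"


def run_demo() -> Dict[str, Optional[Alert]]:
    detector = DivergenceDetector([replica_a, replica_b])
    return {
        "benign": detector.check(BENIGN),
        "single_replica": detector.check(SINGLE_REPLICA_ATTACK),
        "common_mode": detector.check(COMMON_MODE_ATTACK),
    }


if __name__ == "__main__":
    for name, alert in run_demo().items():
        status = f"ALERT distance={alert.distance}" if alert else "no divergence"
        print(f"{name:15s} -> {status}")
```

The third input is the point of the paper's question: the detector is only as good as the independence of the replicas. A vulnerability in code both replicas share (a common library, a common operating system, a common specification misreading) moves both outputs in step, so no threshold setting can surface it; the diversity assumption has to be checked against the actual vulnerability population, which is what the analysis of the 2007 vulnerabilities does.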
Source
Computer Applications and Software (《计算机应用与软件》), CSCD-indexed
2010, No. 9, pp. 273-275 and 300 (4 pages)
Keywords
Software diversity
Software vulnerability
Behavioural distance