摘要
入侵检测技术IDS是一种主动保护自己免受攻击的一种网络安全技术。作为防火墙的合理补充,入侵检测技术能够帮助系统对付网络攻击,扩展了系统管理员的安全管理能力(包括安全审计、监视、攻击识别和响应),提高了信息安全基础结构的完整性。本文通过对网络安全问题和两类不同检测思想的论述与分析,在对早期网络入侵检测系统模型的分析的基础上,提出了一种新型入侵检测模型,从而尽最大可能减少误报和漏报情况的发生,大大提高入侵检测系统的有效性。
IDS is a kind of network security technology which actively protects itself from attack. As the reasonable supplement of the firewall, the invasion examination technology can help the system cope with the network attack, expanding system manager's safety control ability (including safe audit, surveillance, attack discernment and response) and enhancing the integrity of the information security foundation structure. Through the elaboration and analysis of the network security question territory and two kinds of different examinations thought, this article, on the basis of analysis of the network invasion detection system model in the early times, proposes a new kind of invasion detection model, to maximally reduce the occurrence of mistaken report and fails to report, and to greatly improve the validity of the invasion detection system.
出处
《三门峡职业技术学院学报》
2006年第3期92-94,共3页
Journal of Sanmenxia Polytechnic
关键词
入侵检测系统
误用检测
异常检测
Intrusion Detection System
Misuse examination
Unusualness examination
