
Multi-domain cooperative intrusion detection based on local decisions (cited by: 2)

Cooperative Intrusion Detection Across Multiple Administrative Domains Based on Local Strategy
Abstract: In a large-scale network environment spanning multiple administrative domains, cooperative detection among IDSs is increasingly distributed and localized. This paper proposes a cooperative IDS model in which information collection, exchange, evaluation, filtering and correlation analysis are carried out under each domain's local security policy; it describes methods for evaluating the trustworthiness of information shared between cooperating IDSs and for correlating incomplete alerts, and it implements MDCI, a prototype cooperative IDS for large-scale multi-domain networks. The system effectively lowers the false positive and false negative rates of alert correlation analysis and improves the detection performance of the cooperative IDS.

English abstract as published: The trend towards decentralization and local strategy is addressed in cooperative intrusion detection across multiple administrative domains. This paper proposes an IDS model for data collection, alert sharing, trustworthiness evaluation, alert filtering and correlation based on local strategy, and describes a method for evaluating the trustworthiness of information shared among cooperative IDSs and an algorithm for alert correlation with incomplete alert information. The MDCI system is provided as a prototype cooperative intrusion detection system spanning multiple administrative domains, and the benefits of lower false negative and false positive rates in the system are demonstrated.
Authors: Su Heng, Ju Jiubin
Source: Journal of Computer Applications (CSCD; Peking University core journal), 2004, No. 6, pp. 21-24 (4 pages)
Funding: National Natural Science Foundation of China (90204014); Natural Science Foundation of Jilin Province (20030516 2)
Keywords: intrusion detection systems; cooperative detection; trustworthiness; alert correlation analysis (published English keywords: intrusion detection systems, cooperative testing, trustiness evaluation, alert correlation analysis)
Related literature

References (1)

Secondary references (12)

  • 1. S R Snapp, S E Smaha, D M Teal et al. The DIDS (distributed intrusion detection system) prototype. In: Proc of the Summer 1992 USENIX Conf. Berkeley, CA, USA: USENIX Association, 1992. 227-233.
  • 2. S Staniford-Chen, S Cheung, R Crawford et al. GrIDS: A graph based intrusion detection system for large networks. The 19th National Information Systems Security Conference (NISSC), Baltimore, MD, USA, 1996. 1: 361-370.
  • 3. J S Balasubramaniyan, J O Garcia-Fernandez, D Isacoff et al. An architecture for intrusion detection using autonomous agents. COAST Laboratory, Purdue University, COAST Tech Rep 98-05, 1998. http://www.cerias.purdue.edu/homes/aafid/docs/tr9805.pdf
  • 4. P A Porras, P G Neumann. EMERALD: Event monitoring enabling responses to anomalous live disturbances. The 20th National Information Systems Security Conf (NISSC), Baltimore, MD, USA, 1997. 353-365.
  • 5. J Pickel, R Danyliw. Enabling automated detection of security events that affect multiple administrative domains. Information Networking Institute, Carnegie Mellon University, Pittsburgh, PA, USA, 2000. http://www.incident.org/thesis/book1.html
  • 6. C Krugel, T Toth. Distributed pattern detection for intrusion detection. The Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 2002.
  • 7. S Staniford-Chen, B Tung, D Schnackenberg. The common intrusion detection framework (CIDF). The 1st Information Survivability Workshop, Orlando, FL, USA, 1998.
  • 8. T Bass. Intrusion detection systems and multisensor data fusion. Communications of the ACM, 2000, 43(4): 99-105.
  • 9. Intrusion Detection Working Group. The Intrusion Detection Exchange Protocol (IDXP). 2002. http://www.ietf.org/internet-drafts/draft-ietf-idwg-beep-idxp-04.txt
  • 10. Intrusion Detection Working Group. Intrusion detection message exchange format data model and extensible markup language (XML) document type definition. 2001. http://www.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-06.txt

Co-citation literature (35)

Co-cited literature (22)

  • 1. Cheng Shengli, Huang Peng. Research on intrusion detection systems and their prospects [J]. Journal of Wuhan University of Technology (Information & Management Engineering), 2005, 27(2): 61-63. Cited by: 7
  • 2. Huang Liang, Tang Wenzhong. An intrusion detection framework based on cooperative scheduling [J]. Journal of Computer Applications, 2006, 26(3): 567-568. Cited by: 1
  • 3. PORRAS P A, NEUMANN P G. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances [C] // The 20th National Information Systems Security Conference. Baltimore: National Institute of Standards and Technology, 1997: 353-363.
  • 4. KRUGEL C, TOTH T. Distributed Pattern Detection for Intrusion Detection [C] // Proceedings of the Network and Distributed System Security Symposium. San Diego, CA, USA: The Internet Society, 2002: 1-6.
  • 5. SNAPP S R, BRENTANO J, DIAS G V, et al. DIDS (Distributed Intrusion Detection System): Motivation, Architecture, and an Early Prototype [C] // Proceedings of the 14th National Computer Security Conference. Washington, DC, USA, 1991, 10: 167-176.
  • 6. HOCHBERG J, JACKSON K, STALLINGS C, et al. NADIR: An Automated System for Detecting Network Intrusion and Misuse [J]. Computers & Security, 1993, 12(3): 235-248.
  • 7. KEMMERER R A. NSTAT: A Model-Based Real-Time Network Intrusion Detection System [R]. Technical Report TRCS9718, Reliable Software Group, Department of Computer Science, University of California, Santa Barbara, 1997.
  • 8. VALDES A, SKINNER K. Probabilistic Alert Correlation [C] // Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID). Berlin/Heidelberg, Germany: Springer-Verlag, 2001: 54-68.
  • 9. PICKEL J, DANYLIW R. Enabling Automated Detection of Security Events that Affect Multiple Administrative Domains [EB/OL]. (2005-12-01) [2006-06-01]. http://www.incident.org/thesis/architecture.html
  • 10. SPAFFORD E H, ZAMBONI D. Intrusion Detection Using Autonomous Agents [J]. Computer Networks, 2000, 34: 547-570.

Citing literature (2)
