摘要
滥用入侵检测系统因其虚警车低而在网络安全上被广泛应用,但通常攻击规则库更新的方式 (手工)是制约该检测系统发展的瓶颈.本文通过分析、挖掘审计信息,提出一种使系统自适应准实时加入新 攻击规则的方案,从而降低滥用入侵检测系统的漏警率,提高效率.
The MIDS is widely used for the network security because of its low false alarm rate. However, its developmental bottle-neck results from the manual means of attacking rule base being updated. A scheme that the new attack rules can be added to the system adaptively and near real-timely is presented in this paper by analysing and processing its auditing information, which can be available for lowering the lost alarm rate of MIDS and enhancing its efficiency.
出处
《空军雷达学院学报》
2003年第1期48-50,共3页
Journal of Air Force Radar Academy
