摘要
1引言
目前,针对入侵检测系统(Intrusion Detection System,IDS)的研究方兴未艾,如RealSecure、NetRanger、NIDESA.14、EMERALD A.19、Ripper A.21等.每一种都存在各自的缺点,比如较高的误警率或漏警率[1].
The architecture of network monitoring administration with precaution is presented. Related technologies and approaches to realize the architecture are analyzed and provided. The architecture consists of a precaution subsystem and a monitoring administration subsystem. With building an adaptive abnormal detection model and taking abnormal assessment approach, the precaution subsystem can forewarn the intrusion attempts and send the precaution information to the monitoring administration subsystem in real time. Then the monitoring administration subsystem can take some countermeasures in advance. Moreover, based on intrusion tolerance technology, the monitoring administration subsystem can reconfigure the resources and the security policies when facing active intrusions, so as to provide the expected users with timely services and ensure the security of the protected services as well.
出处
《计算机科学》
CSCD
北大核心
2003年第11期93-96,共4页
Computer Science
基金
国家863计划资助项目
项目编号:2D02AA142040