摘要
引入了一种基于规范的处理网络数据的方法,并对其进行了改进与扩展。通过构建状态机并从其中提取出相关信息,不仅可以同时兼顾基于误用和基于异常的两种检测方法,而且使得它们获得了更好的检测效果。文章通过林肯实验室公布的实验数据对这种方法进行了验证和说明。
This paper introduces an improved specification-based approach to process the network data. By constructing state machine and get information from it, this approach can contain both anomaly-based and misuse-based intrusion detection methods, and gain the better detection capability. The approach has been tested under the intrusion data published by Lincoln lab in this paper.
出处
《计算机工程》
EI
CAS
CSCD
北大核心
2005年第9期132-134,230,共4页
Computer Engineering
关键词
入侵检测
规范状态机
混合检测
Intrusion detection
Specification state machine
Mixed intrusion detection
