Abstract
An intrusion detection system written in C can be extended with preset templates and user-defined templates, so the system can be expanded without modifying the program, which improves its reliability in detecting unknown intrusions. A skeleton template consists of a template name, a time limit, a template type, subject and object patterns, an event-creation format string, and a description of how exceptional events are handled. Detection proceeds in three steps: matching audit records against the skeleton templates, generating new skeleton instances, and matching audit records against the skeleton templates again to find exceptional events.
Source
Ordnance Industry Automation (兵工自动化)
2005, No. 3, pp. 49-51 (3 pages)
Keywords
C language
Intrusion detection
Skeleton template
Audit record