
Evaluation of Intrusion Detection Languages

Evaluation Method for Intrusion Detection Language
Abstract: An intrusion detection language is the representation specification that an intrusion detection system (IDS) uses to describe attack scenarios. Based on a taxonomy of network attacks and their detection languages that can be shown to be mutually exclusive and exhaustive, this paper proposes an evaluation method for intrusion detection languages with three metrics: expressibility, representational succinctness, and detection intensity. Well-known detection languages are evaluated with this method in terms of their ability to express attack signatures and their detection efficiency, revealing their shortcomings and the features that an ideal detection language should have.
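Authors: Sun Meifeng (孙美凤), Gong Jian (龚俭)
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core Journal, 2005, No. 11, pp. 1913-1918 (6 pages)
Funding: Supported by the National Natural Science Foundation of China (90104031)
Keywords: intrusion detection system; detection language; detection algorithm; evaluation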
