摘要
入侵检测是一种重要的信息安全防御技术。基于TCP状态有限自动机的入侵检测是一种异常检测方法,它能发现违背TCP状态有限自动机的行为。描述了TCP协议中正常的连接状态转换关系,构造了TCP状态有限自动机,给出了基于TCP状态有限自动机的入侵检测实现。
Intrusion detection is one of the critical techniques in information assurance. The intrusion detection based-on state automation about TCP protocol, as a anomaly detection, can find the action against state automation about TCP protocol. The normal state transitions about TCP protocol were describled and the state automaton about TCP protocol was construted. Finally,the implement of the Intrusion Detection System based-on state automaton about TCP protocol was proposed.
出处
《鞍山科技大学学报》
2005年第5期368-371,共4页
Journal of Anshan University of Science and Technology
关键词
网络安全
入侵检测
异常检测
状态自动机
network security
intrusion detection
anomaly detection
state automaton