摘要
入侵检测系统(IDS)的开发与评估需要一个仿真的网络环境,网络流量模拟仿真技术是其中关键技术之一.在详细分析了网络流量的模拟仿真技术及其相关软件基础上,设计并实现了一种基于日志的网络背景流量模拟仿真软件,解决了入侵检测系统测试中的攻击类型定义和背景流量问题,并使用该软件模拟真实的网络环境对入侵检测系统进行测试分析.实验结果表明,基于日志的网络背景流量仿真软件能够在日志信息的基础上以不同速度动态回放网络流量仿真数据,并能够对日志数据进行修改,增加了对入侵检测系统测试的灵活性.
A simulation network environment is required for the development and evaluation of IDS (Intrusion Detection System), and network traffic simulation is the key technique in testing IDS, To work out the definition of attack type and background traffic in testing IDS, new network background traffic simulation software based on log is designed and developed referred to related technique and software in detail, Real network environment is simulated by this software to test YDS. The experimental results imply this simulation software is able to playback network traffic simulation data dynamically with various rates based on log and modify log data. This method improves the flexibility of testing IDS.
出处
《小型微型计算机系统》
CSCD
北大核心
2006年第2期197-201,共5页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(90204014)资助
吉林省自然科学基金项目(20030516-1)资助
关键词
入侵检测
网络流量
模拟仿真
日志
intrusion detection
network traffic
simulation
Log