摘要
为了解决分布式入侵检测系统缺乏动态组织敏捷性的问题,提出了适应数据网格的按需入侵检测模型.该模型针对网格计算的动态共享性与多域集成性的特点,基于全局检测服务将入侵检测系统分为安全评估模型、工作流编程服务、数据网格环境与检测资源服务四个部分.通过系统级与节点级重构相结合的方式,保证入侵检测系统全局检测服务失败时,能从节点处获得检测服务支持.研究结果表明,与Snort入侵检测系统相比,在局域网(LAN)和广域网(WAN)的实验条件下,基于该模型的分析引擎Higen的检测时间更少,消耗用户时间更少,提高了网格计算环境下协同检测的敏捷性.
To solve the problem of lacking dynamic organizing agility in distributed intrusion detection systems, an on demand intrusion detection model adaptive to the shared data environment was presented. Considering the dynamic sharing and multi domain integration properties of grid computing, the intrusion detection system consisted of four parts including security estimate system, work flow programming service, data grid environment and detection resource service in the model based on global detection services. By combining the system and node level reconstructions, detection services were ensured from nodes when global detection services of intrusion detection system failed. Results show that compared with the intrusion detection system Snort, the analysis engine program Higen can consume less detection time and user time in local area network (LAN) and wide area network (WAN) experimental environment, and improve the agility of cooperative detection in grid computing.
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2006年第3期387-391,共5页
Journal of Zhejiang University:Engineering Science
基金
国家"973"重点基础研究发展计划资助项目(2003CB1700)
国家"863"高技术研究发展计划资助项目(2002AA104520)
关键词
数据网格
分布式入侵检测
数据挖掘
虚拟组织
data grid
distributed intrusion detection
data mining
virtual organization
