Abstract
Intrusion detection systems can detect intrusions that have already occurred and raise an alert. An automatic intrusion response system is an extension of an intrusion detection system: it responds automatically to the attacks that are detected, so it plays an important role in protecting network security, and its performance is strongly affected by a variety of cost factors. This paper presents the architecture of an automatic intrusion response system and introduces one such system based on a cost-sensitive (cost evaluation) model. It describes the theoretical basis of the model, analyzes how each cost is calculated and how the classification of attack behaviors affects the costs, and derives the cost model formula. It describes in detail how the model is built, including asset assessment and machine learning. It uses simulation to model attacks and responses and gives experimental results, which show that using the model greatly reduces response cost. It makes some improvements to the model so that it can be extended to defend effectively against complex attacks, and it points out directions for future research.
Source
Computer Simulation (《计算机仿真》)
CSCD
2006, Issue 5, pp. 249-253 (5 pages)
Keywords
Intrusion response
Cost factor
Cost-sensitive model