
Improving Intrusion Detection Rate Using High Precision Time Stamps

Cited by: 4
Abstract: Intrusion detection systems (IDS) are an important information security measure, and improving the detection rate is a current focus of IDS research. This paper discusses how to improve the detection rate from the perspective of the time stamps of intrusion events. It first describes methods by which a computer system can obtain high-precision time stamps, then analyzes in detail the time stamp precision that an IDS requires for log, registry, and network packet events. Finally, registry access events are simulated as an example; the experiment shows that such high-precision time stamps can effectively identify the order of events and raise the detection rate of the IDS to a certain extent.
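Source: Journal of System Simulation (《系统仿真学报》), indexed in EI, CAS, CSCD, and the Peking University Core Journals list; 2006, No. 9, pp. 2672-2675 (4 pages).
Funding: National "863" High-Tech Research and Development Program (2003AA142010); Natural Science Foundation of Jiangsu Province (BK2002073); Youth Foundation of China University of Mining and Technology (OD4546).
Keywords: high precision; time stamps; events sequence; intrusion detection system; intrusion detection rate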

