
Constructing Heterogeneous Detection Engines Based on Attack Classification

A Detection-centered Classification of Network Attacks
Abstract: Because of the complexity of attacks, a single detection technique can hardly provide comprehensive attack-detection capability. An intrusion detection system with multiple detection engines can overcome the limitations of any single detection technique. However, current techniques for building multiple detection engines lack theoretical guidance on how to partition the detection functions. Taking the detector's point of view on attacks, this paper proposes an attack classification method based on detection characteristics, dividing attacks into five basic classes according to those characteristics. On this basis, it builds an intrusion detection system framework with heterogeneous detection engines founded on the attack classification. Experiments show that the framework can effectively detect each class of attack and has good capability for detecting mutated attacks. An intrusion detection system with multiple detection engines could overcome the limitations of one with a single detection engine. But up to now, the methodology dealing with network attacks lacks theoretical guidelines for the partition of the inference function. From the detector's point of view, this paper proposes a detection-centered methodology dealing with network attacks. Network attacks can, therefore, be divided into five categories: character string attack, overflow attack, repeating attack, multi-step attack and multi-stage attack. An intrusion detection system with isomerous detection engines is built on that basis. Experiments show that it can avoid the deficiencies of existing detection methods.
Authors: 赵蓓, 胡昌振
Source: Science & Technology Review (《科技导报》), CAS, CSCD, 2007, No. 7, pp. 5-9 (5 pages)
Keywords: attack classification; detection characteristics; heterogeneous detection engine; network attack classification; detection-centric; isomerous detection engine