基于协议状态分析的入侵检测系统

The Intrusion Detection System Based on the Protocol State Analysis

提出了一种基于协议状态分析的入侵检测方法,不仅充分利用了协议的状态信息,而且考虑了相邻的数码包的内容状态,构造出协议状态序列,通过状态转换来检测入侵,有效地完成网络各层协议的分析,提高了检测的全面性、准确性和效率,实验结果表明是可行的。

This paper proposes an approach for the intrusion detection based on protocol state analysis, which not only makes full use of the protocol state information, but also considers the content state of the adjacent contextual packets, and constructs the state sequence of the protocol to detect the intrusion through the state transformation, fulfils the analysis effectively on the protocols at various layers of the network, enhances the completeness, accuracy and efficiency of the detection. The experimental results demonstrate that this approach is feasible.