Abstract
This paper discusses the sources, methods and tools for acquiring intrusion detection data, and the cleaning, normalization and transfer of that data into a database. Network-based acquisition covers capturing packets on a network port and collecting data from a distributed network system. Host-based acquisition covers the system event logs, registry information, Active Directory information and similar sources. The tools used include the Windows Server 2003 command-line tools, WMIC, C#, SQL Server and the free packet-capture software Ethereal.
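The host-based path the abstract outlines (collect with WMIC, clean and normalize, load into SQL Server) is illustrated below with an added example that is not code from the paper. It assumes the record layout WMIC produces with `/format:csv` (a leading blank line, a `Node` column, and WMI CIM_DATETIME timestamps of the form `yyyymmddHHMMSS.ffffff+UUU`, where UUU is the offset from UTC in minutes), a constructed sample of event-log rows, and a hypothetical target table `host_events`; it normalizes timestamps to UTC, drops duplicate rows, and emits parameterized insert statements rather than building SQL strings from log text.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample resembling the output of
#   wmic ntevent where "Logfile='Security'" get EventCode,Logfile,Message,SourceName,TimeGenerated /format:csv
# WMIC prefixes the output with a blank line and adds a Node (hostname) column.
# The third row deliberately repeats the first to exercise de-duplication.
SAMPLE_WMIC_CSV = "\r\n" + (
    "Node,EventCode,Logfile,Message,SourceName,TimeGenerated\r\n"
    'HOST1,529,Security,"Logon Failure: Unknown user name or bad password",Security,20070601123045.000000+480\r\n'
    'HOST1,528,Security,"Successful Logon",Security,20070601123210.000000+480\r\n'
    'HOST1,529,Security,"Logon Failure: Unknown user name or bad password",Security,20070601123045.000000+480\r\n'
    "\r\n"
)

# Hypothetical target table; the column list matches the tuple order in to_insert_params().
INSERT_SQL = (
    "INSERT INTO host_events (host, logfile, event_code, source, message, time_utc) "
    "VALUES (?, ?, ?, ?, ?, ?)"
)


def parse_cim_datetime(value):
    """Convert a WMI CIM_DATETIME string to an ISO 8601 UTC timestamp.

    Layout: 14 digits of local date/time, '.', 6 digits of microseconds,
    then a sign and a 3-digit offset in minutes (e.g. +480 for UTC+8).
    WMI writes '***' when the offset is unknown; that case is treated as UTC
    (an assumption, flagged so the reader can choose another policy).
    """
    base, sign, offset = value[:21], value[21], value[22:]
    ts = datetime.strptime(base, "%Y%m%d%H%M%S.%f")
    if offset.isdigit():
        minutes = int(offset) if sign == "+" else -int(offset)
        tz = timezone(timedelta(minutes=minutes))
    else:
        tz = timezone.utc  # assumption: unknown offset treated as UTC
    return ts.replace(tzinfo=tz).astimezone(timezone.utc).isoformat()


def clean_wmic_csv(text):
    """Strip WMIC framing, type the fields, normalize time, and drop exact duplicates."""
    # strip() removes the leading blank line and trailing CRLFs without
    # touching newlines embedded inside quoted Message fields.
    reader = csv.DictReader(io.StringIO(text.strip()))
    seen = set()
    rows = []
    for rec in reader:
        row = {
            "host": rec["Node"],
            "logfile": rec["Logfile"],
            "event_code": int(rec["EventCode"]),
            "source": rec["SourceName"],
            "message": rec["Message"].strip(),
            "time_utc": parse_cim_datetime(rec["TimeGenerated"]),
        }
        key = (row["host"], row["logfile"], row["event_code"], row["time_utc"], row["message"])
        if key in seen:
            continue  # repeated collection runs overlap; keep one copy per event
        seen.add(key)
        rows.append(row)
    return rows


def to_insert_params(rows):
    """Parameter tuples for INSERT_SQL; values never get interpolated into the SQL text."""
    return [
        (r["host"], r["logfile"], r["event_code"], r["source"], r["message"], r["time_utc"])
        for r in rows
    ]


if __name__ == "__main__":
    cleaned = clean_wmic_csv(SAMPLE_WMIC_CSV)
    for params in to_insert_params(cleaned):
        print(INSERT_SQL, params)
```

With a real connection the parameter tuples go to `cursor.executemany(INSERT_SQL, to_insert_params(rows))` on a DB-API driver for SQL Server; keeping message text out of the query string matters because event messages are attacker-influenced (a failed logon carries whatever user name was typed).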
Source
《计算机应用与软件》 (Computer Applications and Software)
CSCD
Peking University Core Journal (北大核心)
2007, No. 6, pp. 165-166, 189 (3 pages)
Keywords
Intrusion detection
Data acquisition
Data cleaning