
New approach to evaluate the capacity of signature-based intrusion detection systems (cited by: 2)
Abstract: To improve the accuracy of IDS evaluation, the detection principle of signature-based IDS is analyzed, the current evaluation methods are pointed out to be not reasonable, and the principle of evaluating the quality of the rule base and the capability of the IDS implementation separately is proposed. A method to evaluate the capability of the IDS implementation is given; it treats human knowledge as an evaluation parameter, so its conclusions reflect the quality of the IDS implementation. The definition of the capability metrics is the main focus, and the overall approach to calculating the metric values is briefly introduced. A prototype was implemented, and the experimental results show that the new method better reflects the real capacity of a signature-based IDS.
Source: Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2007, No. 11, pp. 6-14 (9 pages)
Funding: National Key Basic Research Development Program of China ("973" Program) (2003CB314804); Jiangsu Provincial Key Laboratory of Network and Information Security (BM2003201)
Keywords: intrusion detection; signature-based intrusion detection system; evaluation