摘要
基于对传统入侵检测模型和NDIS中间层驱动技术研究的基础之上,提出了一种基于NDIS中间层驱动的入侵检测模型IDMBN.IDMBN深入到Windows内核,可以较好地满足在网络底层检测和拦截入侵,解决了传统入侵检测在用户态或应用程序层不能够检测或漏检的问题,并在实际应用中取得了较好的性能,证明了该模型的可行性.
On the basis of investigation to traditional intrusion detection model (IDM) and NDIS intermediate driver technology, intrusion detection model based on NDIS intermediate driver named IDSMBN is proposed. It is embedded into the kernel of windows; and it can satisfy detection and hold-up of intrusion at network low layers; it resolves the problems of traditional intrusion detection of non-detected or evaded network intrusion in user or applications layers and implements it with better performance; so the project feasibility is proved.
出处
《三峡大学学报(自然科学版)》
CAS
2008年第3期83-86,共4页
Journal of China Three Gorges University:Natural Sciences
关键词
入侵检测
网络驱动程序接口规范
中间层驱动
intrusion detection
network driver interface specification (NDIS)
intermediate driver(IMD)