
A Survey of Intrusion Response Decision-Making Techniques of Automated Intrusion Response Systems (cited by: 5)
Abstract The automated intrusion response system and its significance are briefly introduced in this paper. Intrusion response decision-making is one of the critical techniques of automated intrusion response systems. A hierarchical architecture of intrusion response decision-making problems is presented. The roles of response goals and response strategies in the intrusion response decision-making process are discussed, and related work is introduced. Intrusion response decision-making factors are used in decision-making models and directly influence their results. The decision-making factors in the latest existing intrusion response decision-making mechanisms are reviewed, and it is pointed out that some of these factors are not properly used in a few existing decision-making models. To help choose proper factors for an intrusion response decision-making model, a taxonomy of response decision-making factors is given. The existing models of intrusion response measure decision-making are presented, and the features and problems of these models are discussed in detail. The concept of intrusion response time decision-making is proposed, and several intrusion response time decision-making models are introduced. The architecture, response time decision-making model, response measure decision-making model and experiments of the intrusion detection alert management and intrusion response system (IDAM&IRS) developed by the authors are shown, and its features are described. Finally, the development trends of response decision-making are summarized.
Source Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI, CSCD and the Peking University Core Journals list; 2008, No. 8, pp. 1290-1298 (9 pages)
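Funding National Natural Science Foundation of China (60442002); 2008 Science and Technology Program of the Jiangxi Provincial Department of Education (GJJ08036)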
Keywords automated intrusion response system; intrusion response decision-making; intrusion detection; alert processing; network security
