SyncPoint based scoring method in IDS evaluation (基于同步点的IDS评估评分方法)

Cited by: 1
Abstract: Scoring the true positive rate and the false positive rate is a key component of IDS evaluation, and the accuracy of the scoring method directly affects the validity of the evaluation results. Two kinds of scoring methods exist today, one that accounts for false positives and one that does not; both suffer from accuracy errors to varying degrees, and neither scales to the traffic volumes that come with ever-increasing bandwidth. This paper analyzes the properties required of the scoring method's decision window and, building on the fact that an IDS processes packets in a FIFO queue, proposes a SyncPoint based scoring method. Theoretical proof and experimental verification show that the new method is more accurate and more scalable than the existing scoring methods.
Source: Journal on Communications (通信学报), 2008, No. 9, pp. 1-9 (9 pages). Indexed in EI, CSCD and the Peking University Core Journals list.
Funding: National Basic Research Program of China ("973" Program), grant 2003CB314804.
Keywords: IDS evaluation; scoring method; SyncPoint; false positive rate; scalability