Abstract
Intrusion detection systems (IDS) are an important class of network security product: they detect and track network security events effectively, so that effective protective actions can be taken, and they provide support for attack forensics. Building on a discussion of the current state of network security and of intrusion detection research, this paper designs an intrusion detection technique based on protocol state transition automata. A finite state automaton is built according to the protocol implementation standard; data packets are parsed and fed into the corresponding automaton, and anomalies are identified by determining whether the input is accepted by the automaton, or from statistics such as state transition information.
Keywords
protocol state machine
protocol anomaly detection
intrusion detection
network security
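
The detection approach described in the abstract, sketched as an added example (not code from the paper): packets of one flow are fed to a finite state automaton, and the verdict plus transition statistics are reported. The protocol (a simplified monitor-side view of TCP setup and teardown), the state names, the event labels and the sample flows are all assumptions constructed for illustration, since the abstract names no protocol.

```python
from collections import Counter

START, ACCEPT = "IDLE", {"CLOSED"}
# (state, event) -> next state; event is "<direction>:<flags>", c = client, s = server.
DELTA = {
    ("IDLE", "c:SYN"): "SYN_SEEN",
    ("SYN_SEEN", "s:SYN+ACK"): "SYNACK_SEEN",
    ("SYNACK_SEEN", "c:ACK"): "ESTABLISHED",
    ("ESTABLISHED", "c:ACK"): "ESTABLISHED",
    ("ESTABLISHED", "s:ACK"): "ESTABLISHED",
    ("ESTABLISHED", "c:FIN+ACK"): "FIN_SEEN",
    ("FIN_SEEN", "s:ACK"): "FIN_SEEN",
    ("FIN_SEEN", "s:FIN+ACK"): "CLOSING",
    ("CLOSING", "c:ACK"): "CLOSED",
}
# A reset legitimately ends a flow from any state after the first SYN.
for st in ("SYN_SEEN", "SYNACK_SEEN", "ESTABLISHED", "FIN_SEEN", "CLOSING"):
    DELTA[(st, "c:RST")] = DELTA[(st, "s:RST")] = "CLOSED"

def run_flow(events):
    """Feed one flow's events to the automaton; return verdict and transition counts."""
    state, stats = START, Counter()
    for i, ev in enumerate(events):
        nxt = DELTA.get((state, ev))
        if nxt is None:  # no transition defined for this input: protocol violation
            return {"verdict": "violation", "state": state, "index": i, "stats": stats}
        stats[(state, nxt)] += 1
        state = nxt
    verdict = "accepted" if state in ACCEPT else "incomplete"
    return {"verdict": verdict, "state": state, "index": None, "stats": stats}

def summarize(flows):
    """Aggregate verdicts and the states in which non-accepted flows stopped."""
    verdicts, stuck = Counter(), Counter()
    for events in flows.values():
        r = run_flow(events)
        verdicts[r["verdict"]] += 1
        if r["verdict"] != "accepted":
            stuck[r["state"]] += 1
    return verdicts, stuck

# Constructed sample flows (not captured traffic).
FLOWS = {
    "normal": ["c:SYN", "s:SYN+ACK", "c:ACK", "c:ACK", "s:ACK",
               "c:FIN+ACK", "s:ACK", "s:FIN+ACK", "c:ACK"],
    "half_open": ["c:SYN", "s:SYN+ACK"],
    "no_handshake": ["c:ACK", "c:ACK"],
    "bad_flags": ["c:SYN", "s:SYN+ACK", "c:ACK", "c:SYN+FIN"],
}
```

A flow that stops in a non-accepting state is reported as `incomplete` rather than `violation`; many flows stuck in the same early state is the kind of transition statistic the abstract refers to.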