摘要
入侵检测系统(IDS)的评估和开发都需要一个仿真网络环境。功能完整的IDS评估环境,不需经大的改动就可以直接用于IDS的测试开发。本文从IDS评估的角度,对这样的仿真网络环境进行了讨论,设计得到的评估环境也可用于IDS的开发过程。在给出IDS的性能指标之后,我们提出了IDS评估环境框架,并以该框架为基础,对评估环境中的网络流量仿真、主机使用仿真和网络攻击仿真等几个关键技术问题进行了深入研究,在文章的最后,给出了对我们单位开发的IDS进行测试的一些结果,测试在我们搭建的一个基本评估环境中进行。
Intrusion Detection System (IDS) plays a key role in defense-in-depth computer security architecture and is an important complement to the peripheral defense elements such as firewalls and authentication mechanisms. But due to the complexity in both its design and interactions with the deploying environment, an objective testing of IDS is very difficult. In this paper, we first propose a set of performance indexes for IDS evaluation. Then we present the architecture of a simulation environment to test intrusion detection systems automatically. Next, under the framework of this architecture, we discuss three key issues in the realization of such a testing environment: network traffic simulation, computer usage simulation and computer attack simulation. At the end, we give some testing results of an IDS developed by ourselves in a basic testing environment we built.
出处
《系统仿真学报》
CAS
CSCD
2002年第3期377-380,共4页
Journal of System Simulation
基金
国家杰出青年基金(6970025)
国家教育部"行动计划"资助
国家863计划(2001AA140213)资助
