
A Method for Perfecting the Audit Information of an Intrusion Detection System (cited by: 6)

The Method of Perfecting the Audit Information in Intrusion Detection System
Abstract: A real-time, active intrusion detection system requires the support of complete audit information. This paper first introduces the audit information currently used by intrusion detection systems and a simple method for evaluating the completeness of audit information in terms of temporal logic and spatial coverage. Then, starting from the destination node, it proposes that the network can be abstracted as a field with a source: the field source is the destination node, and the frequency of packets sent to the destination node through a given node (the total number of packets within a fixed time) is abstracted as the divergence of the field at that node. On this basis the Defending Alliance Protocol is proposed, which is used to complete the spatial audit information and thereby improve the performance of the intrusion detection system; the paper introduces the protocol content, the data format and the protocol's basic service primitives. The Defending Alliance Protocol comprises the concept of the destination node's security coefficient, the defending alliance protocol between the destination node and its neighbouring nodes, and the defending alliance protocol between the destination node and the network management centre. The destination node's security coefficient is defined as the sum of the divergences at all neighbouring nodes of the destination node, expressed as a percentage of the destination node's buffer capacity. The protocol between the destination node and its neighbouring nodes describes how the audit information held at the neighbouring nodes is obtained and sent to the destination node; the protocol between the destination node and the network management centre describes how the network management centre is used to authenticate the genuineness of a connection so as to complete the spatial audit information; and the relationship between the two is analysed. The paper briefly analyses the security of the Defending Alliance Protocol itself.

A real-time, active intrusion detection system (IDS) needs the support of perfect audit information. The purpose of this article is to study the perfection of audit information in an IDS. First, the audit information in current IDSs is introduced. A simple method of evaluating the perfection of the audit information using time-series logic and space is also introduced, and it is found that the spatial audit information in the neighbours of the receiver and the sender is not used in current IDSs. Second, taking the receiver as the source, the computer network is converted to a field: the receiver is the field source, and the packet frequency (the number of packets in a fixed time) sent to the receiver through a router is converted to the divergence of the field. On these grounds, the Defending Alliance Protocol (DAP) is proposed, which is used to perfect the spatial audit information to enhance the performance of the IDS. The reason for establishing the protocol, the protocol content, the data format and the basic service primitives are presented. The DAP is composed of the concept of the security coefficient of the receiver, the protocol between neighbours and receiver (NBDAP), and the protocol between network management centres (NMC) and receiver (MCDAP). The security coefficient of the receiver is the sum of the divergences in the receiver's neighbours divided by the buffer capacity of the receiver, expressed as a percentage. The NBDAP explains how the spatial audit information in the neighbours is obtained and sent to the receiver, and the MCDAP explains how the genuineness of the connection between sender and receiver is authenticated using the NMC. The relationship between NBDAP and MCDAP is analysed. The basic service primitives describe the services of the DAP and stipulate how information is transmitted through service access points. The self-security concern in the DAP is that an attacker obtains management control of the receiver's neighbours and of the NMC using buffer overflow attacks; the rules for defending against these attacks are introduced briefly. Finally, future work is outlined.
Source: 《计算机学报》 (Chinese Journal of Computers), EI, CSCD, Peking University core journal, 2002, No. 7, pp. 772-777 (6 pages)
Funding: Supported by the Tianjin Youth Science Foundation (0 0 3 70 0 2 11)
Keywords: intrusion detection system; audit information; defending alliance protocol; network security; computer network