摘要
针对当前Web应用入侵防御系统可扩展性欠佳和检测实时性不高的问题,提出一种基于Pastry的可信Web入侵防御模型。所有检测节点组成一个结构化的P2P覆盖网,通过基于Pastry的通信算法和节点信任管理算法,实现完全分布式、可扩展和自组织的可信Web入侵防御系统。分析及实验结果表明,该系统能够检测Web应用典型攻击,有效解决了传统分布式系统单点失效、负载不均衡的问题。
To improve the performance in terms of real-time and scalability,apastry-based trusted Web application intrusion prevention model was proposed.All detection nodes formed a structured P2 Poverlay network in this model.Through the communication algorithm based on Pastry and the trust management algorithm,a completely distributed,scalable and self-organized intrusion prevention system was implemented.The approach was evaluated in a simulated environment.The results demonstrate the typical Web application attacks can be identified and the problem of single point failure and load imbalance can be solved effectively.
出处
《计算机工程与设计》
CSCD
北大核心
2014年第12期4126-4130,4144,共6页
Computer Engineering and Design
基金
国家自然科学基金项目(61201250
61172057
61172058)
国家科技支撑计划基金项目(2012BAH18F00)
广西自然科学基金项目(2012GXNSFBA053174)
关键词
WEB应用安全
入侵防御
对等
可信
分布式
Web application security
intrusion prevention
peer-to-peer
trust
distributed