Abstract
Intrusion detection is the main technique for identifying network attacks. Existing intrusion detection systems can detect most network-based attacks, but cannot effectively trace the real source of an attack. Building on existing intrusion detection techniques, this paper proposes a model of a network attack source tracing system, describes its architecture and the main functions of each component, and gives the basic idea of using correlation analysis to retrace an attacker's attack path. Simulation results show that the proposed system model and the correlation analysis approach are feasible and effective. Finally, the potential problems of such a system are analyzed from several aspects, including security, practicability and tracing precision.
Source
Journal of Shanghai Jiaotong University (《上海交通大学学报》)
EI
CAS
CSCD
Peking University Core Journals (北大核心)
2003, Issue 3, pp. 411-415 (5 pages)
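Funding
National High Technology Research and Development Program of China (863 Program) (2001AA144061)
Shanghai Science and Technology Development Fund (015115047), jointly funded project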
Keywords
intrusion detection
attacker tracing
network monitoring
attack signature