Abstract
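This paper surveys the current state of intrusion detection system (IDS) research. To address two shortcomings of current IDSs, a high false positive rate and the inability to effectively detect coordinated attacks that are dispersed in time and space, it introduces the ideas of information fusion and multi-sensor integration and proposes a multi-level IDS inference framework and prototype system. The prototype uses a Bayesian network as the tool for multi-sensor fusion, applies a goal-tree method to analyze the intent behind coordinated attacks, and finally quantifies the degree to which the system is threatened. Compared with existing IDSs, the prototype has a more complete structure.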
The state of the art of intrusion detection technology is investigated, and a new IDS inference framework and prototype based on information fusion are proposed. The new framework addresses two problems of existing IDSs: a high false positive rate and an inability to detect coordinated attacks. The prototype employs a Bayesian network to perform information fusion and a goal tree to analyze the intentions of coordinated attacks and quantify the security risk to the system. The prototype is more complete than existing IDSs and finds coordinated attacks more easily, with a lower false positive rate.
Source
《小型微型计算机系统》
CSCD
Peking University Core Journal
2003, Issue 9, pp. 1602-1606 (5 pages)
Journal of Chinese Computer Systems
Funding
Supported by the National 863 Program (2001AA140213)
Supported by the National Key Basic Research Development Program, 973 Project (2001CB309403)
Keywords
intrusion detection
information fusion
computer network security
Bayesian network
goal-tree