摘要
入侵检测系统 (IDS) 意在检测对计算机系统的未授权使用、误用和滥用。针对目前IDS普遍存在的缺乏有效监控平台的情况,我们提出了一种能够支持多种异构Sensor、多源证据关联以及可视化推理判断的集成化网络安全监控平台NSMS,给出了NSMS的体系结构,并就“证据获取”、“证据处理”、“结果可视化报告”三个关键技术进行了详细阐述。本平台已经在集成化网络安全监控及防卫系统Net-Keeper中得到实现和应用,实际应用表明本平台是一个开放、高效和可视化的网络安全实时监控平台。
The main intention of intrusion detection system (IDS) is to detect the action of unauthorized use, misuse, and all other abuse of computer systems, but it lacks of an effective monitoring console. In this paper, a novel model of integrated network security monitoring system (NSMS) is proposed, not only NSMS can capture different kinds of intrusion events from multiple and distributed heterogeneous Sensors, but also it can correlate these relative proofs, finally it can visualize the reasoning process. In this paper, we present the framework of NSMS, and then discuss some key issues of implementation, which are proof-getting, 損roof-correlation and result-visualization respectively. As the kernel of integrated network security and defense system, the prototype of NSMS has already been developed and tested, it is proved to be efficient, open and practical in network security monitoring.
出处
《通信学报》
EI
CSCD
北大核心
2003年第7期155-163,共9页
Journal on Communications
基金
国家杰出青年基金资助项目(60243001)
国家自然科学基金资助项目(60243001)
国家"863"计划资助基金项目(2001AA140213)
