
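A Distributed Intrusion Detection System and Its Apperception Ability
Cite this article: CHEN Shuo, AN Chang-qing, LI Xue-nong. A Distributed Intrusion Detection System and Its Apperception Ability [J]. Journal of Software, 2001, 12(2): 225-232.
Authors: CHEN Shuo, AN Chang-qing, LI Xue-nong
Affiliation: Information Network Engineering Research Center, Tsinghua University
Funding: Supported by the National 863 High Technology Development Program (863-317-01-99)
Abstract: The DIDAPPER (distributed intrusion detector with apperception) system is a distributed intrusion detection system with apperception ability. A distributed architecture, apperception ability and the sharing of knowledge are the important characteristics of the system. The paper focuses on the apperception ability of the DIDAPPER system. Traffic specimens and IP traps are new concepts proposed by the DIDAPPER system. They can capture and recognize abnormal traffic data, and they are suited to detecting large-scale network attacks. The other aspect of the DIDAPPER system's apperception ability is a neural-network pattern recognition method. Applying a BP network with self-learning ability to traffic analysis solves the problem of recognizing traffic patterns well.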

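Keywords: intrusion detection system (IDS); large-scale automatic attack; traffic specimen; IP trap; pattern recognition; neural network; BP network
Received: 9/8/1999
Revised: September 8, 1999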

A Distributed Intrusion Detection System and Its Apperception Ability
CHEN Shuo, AN Chang-qing and LI Xue-nong. A Distributed Intrusion Detection System and Its Apperception Ability [J]. Journal of Software, 2001, 12(2): 225-232.
Authors: CHEN Shuo, AN Chang-qing and LI Xue-nong
Abstract: The DIDAPPER (distributed intrusion detector with apperception) system presented in this paper is a distributed intrusion detector with apperception. The distributed architecture, the apperception ability and the sharing of knowledge are evident characteristics of DIDAPPER. This paper focuses on the apperception ability of DIDAPPER. Traffic specimens and IP traps are DIDAPPER's new concepts, which can capture and recognize abnormal traffic and are suitable for monitoring large-scale network attacks. The other aspect of DIDAPPER's apperception ability comes from the neural network algorithm. A BP neural network with learning ability has been applied to traffic analysis and performs well at recognizing traffic patterns.
Keywords: IDS (intrusion detection system); large-scale automatic attack; traffic specimen; IP trap; pattern recognition; neural network; BP network
This article is indexed in VIP, Wanfang Data and other databases.