Found 20 similar documents; search took 140 ms
1.
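To address the drawbacks of traditional intrusion detection systems, such as heavy computation and high false-negative and false-positive rates, the design adopts a protocol-analysis-based intrusion detection model combined with traditional pattern-matching algorithms. The system is designed on the Linux platform in terms of network packet construction, packet capture, packet protocol analysis, intrusion rule creation, pattern matching, intrusion event detection and intrusion response. Analysis of the system's performance shows that the intrusion detection system offers fast detection and a low false-negative rate.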
2.
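The paper analyzes the role and position of intrusion detection technology within computer network security technology, applies the BP neural network algorithm to intrusion detection, and builds an intelligent intrusion detection system based on a BP neural network. The system captures packets transmitted on the network in real time through a packet capture module, then identifies the protocol used by each packet through a protocol analysis module, so that the BP neural network module can process packets using the TCP, UDP and ICMP transport protocols separately. The simulation results on Matlab07 listed in the paper show that the BP-neural-network-based intelligent intrusion detection system can effectively improve the intrusion detection recognition rate.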
3.
4.
5.
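If the destination node's location information is fairly accurate, the GPSR routing protocol can deliver packets to the destination node efficiently. When the destination node's location information is inaccurate, severe packet loss results. To address this problem, the TGPSR (Two-hop Greedy Perimeter Stateless Routing) routing protocol is proposed: each node maintains a two-hop neighbor list, which significantly increases tolerance to inaccuracy in the destination node's location information, so that packets can be delivered to the destination node even when the location information is not accurate enough. The TGPSR protocol based on XYLS (Column-Ron-Location Service) exploits the low overhead and good scalability of the XYLS location service protocol to devote more bandwidth to data transmission, further improving the protocol's performance.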
6.
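To improve the efficiency of network early-warning systems, protocol analysis and an improved Apriori algorithm are applied to the detection and analysis module, and a new network intrusion detection model is proposed. In this model, captured packets are first subjected to protocol analysis in combination with a historical packet database to find packets related to possible intrusion behavior; the improved Apriori algorithm is then used to perform association analysis on these packets to obtain the final detection result. Experiments show that the model has a lower miss rate than traditional network intrusion detection systems (NIDS).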
7.
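In intrusion detection systems, network protocol analysis can effectively reduce the packet search space. Combining network protocol analysis with decision tree mining, a new intrusion detection model is proposed. The model first analyzes the protocol type of a packet and then selects the most suitable decision tree algorithm according to the protocol type to perform intrusion detection. An empirical study shows that the model is more accurate than traditional decision-tree-based intrusion detection models and better suited to the intrusion detection requirements of today's high-speed network environments.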
8.
9.
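The paper analyzes how network intrusion detection systems operate and the commonly used pattern-matching algorithms, and presents an efficient hash-based pattern method built on protocol analysis, which uses application-layer protocol analysis and multi-level hash tables to construct the pattern tree of the detection rule set. With network traffic continually growing and the number of intrusion signature rules increasing rapidly, the method can effectively improve the efficiency of a network intrusion detection system and reduce its false-positive rate.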
10.
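To meet the communication requirements between the components of a distributed intrusion detection system, the paper designs a communication module for the distributed intrusion detection system. The design of the communication module follows the intrusion detection message exchange format and the intrusion detection exchange protocol proposed by the IDWG and borrows ideas from TCP/IP. Transmitted data is encrypted with two encryption algorithms, the Data Encryption Standard and public-key encryption, which improves the security of system communication.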
11.
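Research on data mining of system log audit information in intrusion detection   Total citations: 16, self-citations: 0, citations by others: 16
An intrusion detection system is a tool for detecting network intrusions, and the key to such a system is the accuracy of its security pattern rules. Network systems hold large volumes of log audit data that contain much security-related information, and an intrusion detection system can extract security pattern rules from this data. Because the volume of log audit data is very large, data mining techniques are used to extract the security pattern rules from it. The paper studies how to mine system log audit information for intrusion detection, proposes a complete set of steps, and focuses on feature extraction from log audit information using axis attributes.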
12.
Underwater communication primarily utilizes propagation of acoustic waves in water. Its unique characteristics, including slow propagation speed and low data rates, pose many challenges to Media Access Control (MAC) protocol design. In most existing handshaking-based underwater MAC protocols, only an initiating sender can transmit data packets to its intended receiver after a channel reservation through a Request-to-Send (RTS)/Clear-to-Send (CTS) handshake. This conventional single-node transmission approach is particularly inefficient in underwater environments, as it does not account for long propagation delays. To improve channel utilization in high latency environments, we propose a novel approach that exploits the idle waiting time during a 2-way handshake to set up concurrent transmissions from multiple nodes. The sender can coordinate multiple first-hop neighbors (appenders) to use the current handshake opportunity to transmit (append) their data packets with partially overlapping transmission times. After the sender finishes transmitting its packets to its own receiver, it starts to receive incoming appended packets that arrive in a collision-free packet train. This not only reduces the amount of time spent on control signaling, but it also greatly improves packet exchange efficiency. Based on this idea, we propose an asynchronous, single-channel handshaking-based MAC protocol based on reverse opportunistic packet appending (ROPA). From extensive simulations (single- and multi-hop networks) and comparisons with several existing MAC protocols, including MACA-U, MACA-UPT, BiC-MAC, Slotted-FAMA, DACAP, unslotted Aloha, we show that ROPA significantly increases channel utilization and offers performance gains in throughput and delay while attaining a stable saturation throughput.
13.
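In wired networks, packet loss is mainly caused by network congestion, and traditional TCP was designed mainly for wired networks. In wireless networks, random loss caused by link errors becomes the main source of packet loss, and traditional TCP is no longer suitable. To make TCP suitable for heterogeneous wired-wireless networks, an improved TCP protocol (named TCP-Ackflag) is proposed. In this protocol the receiver judges network congestion from the relative delay trend of data packets, and a congestion flag bit is defined in the ACK packets that the receiver feeds back to the sender. The receiving end records this congestion flag bit when receiving ACK packets. To let the network reach maximum throughput, the sender checks the value of the recorded congestion flag bit only after it detects packet loss, uses the detected value to judge the state of network congestion, and finally decides whether to enter the congestion handling procedure or simply perform fast retransmit, thereby maintaining transmission performance in heterogeneous wired-wireless networks. Simulation results show that the scheme greatly improves both the accuracy and the sensitivity of congestion judgment and, on that basis, maintains network transmission performance.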
14.
Multiple sender distributed video streaming   Total citations: 1, self-citations: 0, citations by others: 1
With the explosive growth of video applications over the Internet, many approaches have been proposed to stream video effectively over packet switched, best-effort networks. We propose a receiver-driven protocol for simultaneous video streaming from multiple senders to a single receiver in order to achieve higher throughput, and to increase tolerance to packet loss and delay due to network congestion. Our receiver-driven protocol employs a novel rate allocation algorithm (RAA) and a packet partition algorithm (PPA). The RAA, run at the receiver, determines the sending rate for each sender by taking into account available network bandwidth, channel characteristics, and a prespecified, fixed level of forward error correction, in such a way as to minimize the probability of packet loss. The PPA, run at the senders based on a set of parameters estimated by the receiver, ensures that every packet is sent by one and only one sender, and at the same time, minimizes the startup delay. Using both simulations and Internet experiments, we demonstrate the effectiveness of our protocol in reducing packet loss.
15.
16.
A new communication mode, quantum simultaneous secret distribution (QSSD) is put forward, where one sender distributes different classical secret message to multiparty receivers simultaneously. Based on the properties of the one-dimensional four-qubit cluster states, a three-party QSSD protocol is proposed, and then it is extended to the case that there are many receivers. Owing to the idea of quantum dense coding, each receiver can receive two bits of classical message by the sender only using a cluster state. In order to check security of quantum channels, a strategy which can prevent common attacks efficiently is put forward. QSSD is distinct from quantum secret sharing (QSS) and quantum broadcast communication (QBC), but it can be easily converted into QSS and QBC. QSSD is also different from the multiple-QKD communication mode where the sender shares a private key with each receiver at first, while in QSSD the sender doesn’t; in addition, only one round of one-to-many communication is performed in QSSD, while in multiple-QKD communication mode many rounds of one-to-one communication are performed.
17.
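A three-receiver public-key encryption scheme is proposed, in which the sender encrypts a message and each of the three receivers can decrypt it with its own private key. Based on bilinear maps, two three-receiver public-key encryption schemes with different security levels are constructed. It is formally proved that if the gap bilinear Diffie-Hellman problem and the computational Diffie-Hellman problem are hard, the two proposed schemes are secure against chosen-plaintext attack and adaptive chosen-ciphertext attack, respectively. The proposed scheme adds only one exponentiation and one hash operation to support three independent receivers, so it is efficient. Analysis shows that the scheme can improve the security of the TLS protocol and can be applied to hierarchically supervised public-key cryptosystems.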
18.
Qing-Hua Zheng, David L. Pepynet, Qing Wang. Journal of Computer Science and Technology, 2004, 19(6): 0-0
Wireless transmission is becoming increasingly ubiquitous, but there is a big black hole in the security of this kind of network. Although IEEE 802.11 provides an optional Wired Equivalent Privacy (WEP) to implement the authentication and confidentiality, it leaves a lot of vulnerabilities and threats. This paper proposes a protocol called SPRNG for wireless data-link layer security. SPRNG is based on the sender and receiver who generate in a synchronized way a pseudo-random number sequence. In each transmission, the sender and receiver use a pair of random numbers, one for data frame authentication, and the other for encryption key. The random numbers are used as "one-time passwords" for sender authentication and as fresh encryption keys for each frame. SPRNG is designed to be compatible with the existing 802.11 products. Like WEP, the current 802.11 security protocol, SPRNG uses a symmetric key as its seed. SPRNG has already been simulated and tested in experiment, it shows that SPRNG has stronger secur
19.
A. S. Anakath, S. Ambika, S. Rajakumar, R. Kannadasan, K. S. Sendhil Kumar. Computer Systems Science and Engineering, 2022, 43(2): 833-847
Cloud computing becomes an important application development platform for processing user data with high security. Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner. Thus, ensuring the security and confidentiality of the data while processing in the centralized network is very difficult. The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network. Intruders are very active over the network like real authenticated user to hack the personal sensitive data, such as bank balance, health data, personal data, and confidential documents over the cloud network. In this research, a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare. Conditions of patients are monitored using wireless sensor devices and are then transferred to the server. Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network. Biometric security process is a procedure with the best security in most of the authentication field. Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network. The Kerberos protocol is used in trust node to ensure security. Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form, which refers to the fingerprint image of both sender and receiver. The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.
20.
Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly detection based. Misuse-detection based IDSs can only detect known attacks whereas anomaly detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) which are anomaly-based IDSs with the misuse-based IDS Snort which is an open-source project. The hybrid IDS obtained is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. Evaluation compares the number of attacks detected by misuse-based IDS on its own, with the hybrid IDS obtained combining anomaly-based and misuse-based IDSs and shows that the hybrid IDS is a more powerful system.