17 similar documents found (search time 698 ms)
2.
With the growth of network applications, information security problems have become increasingly prominent, and intrusion detection systems have become the core of dynamic network security protection technology. Current network intrusion detection systems are implemented either purely in software or purely in hardware, and neither can satisfy the performance and flexibility requirements of high-speed networks at the same time. Exploiting the high processing power and programmability of network processors, this paper proposes a network intrusion detection system based on the IXP2400 network processor.
3.
In intrusion detection, improving the pattern matching algorithm yields only limited gains in detection speed and is not a fundamental solution to the problem. This paper designs a hardware-based intrusion detection system prototype in which a network-processor-based hardware strategy replaces the software strategy of traditional intrusion detection: the main tasks of intrusion detection, such as data acquisition and filtering, packet scheduling and multi-pattern matching, are implemented in hardware. All of them are implemented on an FPGA, and hardware and custom instructions can be added as needed to improve system performance. Tests show that the system's performance is significantly better than that of traditional methods, effectively solving the speed bottleneck in intrusion detection.
5.
Network intrusion detection systems (NIDS) are an important component of security defence mechanisms. Theoretical research on intrusion detection has produced results in many directions, proposing detection methods based on expert systems, neural networks, data mining, mobile agents and so on. In practice, however, deployments are still limited to anomaly detection and misuse detection, and the main difficulty in practical intrusion detection is detection effectiveness, i.e. the problems of false positives and false negatives. This problem can be addressed by moving software functions into hardware. This paper describes the implementation of a network intrusion detection system based on the Intel IXP2400 network processor, focusing on the pattern matching algorithm of the intrusion detection analysis engine and on data communication between the threads of the network processor. Experiments show that the system reduces false positives and false negatives while maintaining detection efficiency, and is of practical use for securing today's high-speed enterprise networks.
6.
As network bandwidth keeps increasing while processing capacity remains limited, traditional network intrusion detection systems (Network Intrusion Detection System, NIDS) face challenges, and how to raise the processing capacity of NIDS has attracted much attention. Raising detection speed with dedicated devices is expensive and cannot be deployed at scale. By optimising the Linux network protocol stack, multithreading the widely used intrusion detection system Snort, and exploiting the high-performance parallel computing capability of the graphics processing unit (Graphic Processing Unit, GPU), this paper designs a high-performance software intrusion detection architecture that breaks through the computing bottleneck of existing NIDS running on ordinary CPUs, in order to meet the intrusion detection performance demanded by high-speed links. Experimental results show that packets in high-speed networks can be processed by the GPU.
9.
With the growth of network applications, network traffic is doubling, and network data acquisition and filtering, as the supporting subsystem of an intrusion detection system with strict real-time requirements, directly affects the efficiency of the intrusion detection system through its data processing capacity. The appearance of network processors with high processing power and high programmability overcomes the performance limitations of data acquisition and filtering systems based on the traditional CPU architecture, combines performance and flexibility in high-speed networks, and achieves high-speed data processing together with dynamic updating of detection rules. On this architecture, data processing efficiency can be improved in several ways; this paper proposes integrating an optimised rule set into the NIDS implemented on the network processor to achieve efficient data filtering.
10.
The development and evaluation of intrusion detection systems (IDS) require a simulated network environment, and network traffic simulation is one of the key technologies involved. After a detailed analysis of network traffic simulation techniques and related software, a log-based network background traffic simulation tool was designed and implemented. It solves the problems of defining attack types and generating background traffic in IDS testing, and the tool was used to simulate a real network environment for testing and analysing an intrusion detection system. Experimental results show that the log-based background traffic simulation software can dynamically replay simulated network traffic at different speeds on the basis of log information, and can modify the log data, increasing the flexibility of IDS testing.
12.
A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System (total citations: 2, self-citations: 0, citations by others: 2)
Guy Helmer, Johnny Wong, Mark Slagell, Vasant Honavar, Les Miller, Robyn Lutz. Requirements Engineering, 2002, 7(4): 207-220
Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what countermeasures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.
Correspondence and offprint requests to: G. Helmer, Department of Computer Science, 226 Atanasoff Hall, Iowa State University, Ames, Iowa 50011, USA. Email: ghelmer@cs.iastate.edu
13.
Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after they have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly-detection based. Misuse-detection based IDSs can only detect known attacks, whereas anomaly-detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS that combines the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD), which are anomaly-based IDSs, with the misuse-based IDS Snort, an open-source project. The resulting hybrid IDS is evaluated using the MIT Lincoln Laboratory network traffic data (IDEVAL) as a testbed. The evaluation compares the number of attacks detected by the misuse-based IDS on its own with the number detected by the hybrid IDS combining anomaly-based and misuse-based IDSs, and shows that the hybrid IDS is the more powerful system.
15.
Software engineering efforts can potentially benefit much from a good understanding of the structures of existing software systems and the processes governing their development. Towards that end, we study software systems by means of the complex network analysis framework. We model a software package as a network, with nodes representing the functions in the package and edges representing the dependencies among the functions. Our empirical analysis of five widely adopted open-source software packages reveals a set of interesting features of such networks, which cannot be adequately reproduced by existing complex network models. We then set out to develop a new network growth model, explicitly imitating generally advocated software development principles, such as divide-and-conquer, modularization, high intra-module cohesion, and low inter-module coupling. Results of our analytical derivations and numerical studies show that our model can more closely reproduce the particular features exhibited by real-world software packages, thus hopefully better explaining the phenomena of concern.
16.
This paper proposes an intrusion detection model (IDS) based on artificial immune mechanisms. The model can be used in security systems for computer networks and wireless communication networks. The paper also proposes a new method of data access and analysis, and describes in detail how features of the human immune system are extracted and applied to an intrusion detection software package. A notable advantage of this work is that it greatly reduces the size of intrusion detection log files, which effectively improves the maintainability of the system and helps administrators better monitor and observe anomalous host activity. Finally, experimental data demonstrate the effectiveness and feasibility of the algorithm.
17.
Research on a High-Speed Network IDS Based on a Network Processor and Coprocessor (total citations: 1, self-citations: 1, citations by others: 0)
As high-speed network technology matures, the gap between network data transmission speed and the detection capacity of traditional IDS (intrusion detection systems) keeps widening, and has become an important problem to be solved in achieving network security in high-speed network environments. This paper proposes a hardware solution based on a network processor and an application-layer matching and lookup coprocessor to implement intrusion detection in high-speed network environments. The architecture is easy to upgrade and has strong application prospects for network intrusion detection at gigabit bandwidth.