| 利用SNMP代理实现基于状态机的入侵检测 |
| |
| 引用本文: | 闫华. 利用SNMP代理实现基于状态机的入侵检测[J]. 中国测试技术, 2005, 31(5): 96-99 |
| |
| 作者姓名: | 闫华 |
| |
| 作者单位: | 复旦大学信息办网络中心,上海,200433 |
| |
| 摘 要: | 在分析现有入侵检测方法及其缺陷的基础上,提出了一种基于状态机的入侵检测的SNMP代理方案。该方案利用基于有限状态自动机的协议轨迹规范语言PISL描述入侵和攻击特征,利用Script MIB实现代理的配置,利用扩展的RMON2 MIB存储入侵检测的统计信息。最后通过试验表明,这个方案规范了攻击特征的精确描述,有效的减少了误报,实现了入侵检测系统和网络管理系统的有机结合。
|
| 关 键 词: | 网络安全 入侵检测 网络管理 SNMP代理 有限状态自动机 |
| 文章编号: | 1672-4984(2005)05-0096-04 |
| 收稿时间: | 2005-01-19 |
| 修稿时间: | 2005-03-07 |
Detection of intrusion status based on SNMP proxy |
| |
| YAN Hua. Detection of intrusion status based on SNMP proxy[J]. China Measurement Technology, 2005, 31(5): 96-99 |
| |
| Authors: | YAN Hua |
| |
| Abstract: | After discussing the present intrusion detection systems and methods and analyzing their defects,the author presented SNMP agent system based on intrusion status detection.The characteristics of intrusion and attack was described by protocol Trace Specification Language(PTSL) signatures,Script MIB was used to configure the intrusion detection agent.RMON2 MIB was used to store statistical information about intrusion signature occurrences.Experiment shows that attack characteristics can be precisely described and false alarms are greatly reduced.Full integration of IDS and NMS is achieved. |
| |
| Keywords: | Network security Intrusion detection Network management SNMP agent Finite state machine |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
