| 高速网络下的分布式实时入侵检测系统 |
| |
| 引用本文: | 吕志军,郑璟,黄皓.高速网络下的分布式实时入侵检测系统[J].计算机研究与发展,2004,41(4):667-673. |
| |
| 作者姓名: | 吕志军 郑璟 黄皓 |
| |
| 作者单位: | 1. 南京大学计算机科学与技术系,南京,210093;南京大学计算机软件新技术国家重点实验室,南京,210093
2. 南京大学计算机科学与技术系,南京,210093;江苏南大苏富特软件股份有限公司,南京,210008 |
| |
| 基金项目: | 国家“八六三”高技术研究发展计划基金项目 (2 0 0 1AA14 2 0 10 ) |
| |
| 摘 要: | 随着网络技术的飞速发展,网络安全问题日益突出。网络入侵检测系统需要处理大量的数据,处理能力的缺乏会引起入侵事件的漏报,提高入侵检测系统的处理能力是目前急需解决的关键问题。DRTIDS(distributed real-time intrusion detection system for high-speed networks)是一个由单个分析节点和多个探测节点组成的、工作在高速网络下的分布式网络入侵检测系统。DRTIDS的分析节点执行基于网络主机的流量分配策略,保证尽可能地平衡分配网络流量,从而尽可能地发挥整个系统的处理能力。
|
| 关 键 词: | 网络入侵检测系统 分布式结构 高速网络 平衡的流量分配策略 实时分析 |
A Distributed Real-Time Intrusion Detection System for High-Speed Network |
| |
| Abstract: | Now centralized solutions of real time IDS (intrusion detection system) in high speed network have reached their limits because of several technical difficulties encountered in keeping pace with the increasing network speed and communication complexity between applications A DRTIDS (distributed real time intrusion detection system) is proposed, which is centered around a load balance traffic slicing mechanism that ramifies the total packet stream into branches of manageable size and guarantees that each branch contains all the evidence necessary to determine a specific attack With the traffic partitioning done in the analyzer node, multiple sensors can manage sub packet stream simultaneously This approach is described in details |
| |
| Keywords: | networks intrusion detection system distributed architecture high speed networks load balance slicing mechanism real time analysis |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
