| 分布式入侵检测与响应协作模型研究 |
| |
| 引用本文: | 董晓梅,于戈.分布式入侵检测与响应协作模型研究[J].计算机工程,2006,32(6):151-153. |
| |
| 作者姓名: | 董晓梅 于戈 |
| |
| 作者单位: | 东北大学信息科学与工程学院,沈阳110004 |
| |
| 基金项目: | 国家科技攻关项目;中国科学院资助项目;广东省博士启动基金;教育部优秀青年教师资助计划 |
| |
| 摘 要: | 提出了一个分布式入侵检测与响应协作模型。在该模型中,设计了协作代理,负责对来自干各入侵检测代理的检测结果进行关联分析,并结合从其它域的协作代理收到的报警消息来检测复杂的入侵行为。扩展了IDMEF消息交换格式,使用XML文档来表示各入侵检测部件间交换的消息,协作代理问通过XML消息交换来实现协作。提出了怀疑度的概念,将发现的所有可疑的和入侵行为都报告给监控.
|
| 关 键 词: | 入侵检测 协作 代理 |
| 文章编号: | 1000-3428(2006)06-0151-03 |
| 收稿时间: | 03 8 2005 12:00AM |
| 修稿时间: | 2005-03-08 |
Study on Intrusion Detection and Response Cooperation Model |
| |
| DONG Xiaomei,YU Ge.Study on Intrusion Detection and Response Cooperation Model[J].Computer Engineering,2006,32(6):151-153. |
| |
| Authors: | DONG Xiaomei YU Ge |
| |
| Affiliation: | School of Information Science and Engineering, Northeastern University, Shenyang 110004 |
| |
| Abstract: | A distributed intrusion detection and response cooperation model is proposed. In the model, cooperation agents correlate the detection results from the detection agents and cooperation agents of other domains to detect complex intrusions. To facilitate the communication between different components, the intrusion detection message exchange format is extended and applied to represent the messages exchanged among the intrusion detection components. In addition, cooperation agents cooperate with one another by exchanging XML messages. A new concept of suspect, which indicates the suspected degree of an activity, is proposed and all the suspected activities and intrusions detected are reported to the monitors for isolation and monitoring. |
| |
| Keywords: | XML DOM |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
