17 similar documents found; search took 93 ms
1.
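Building on a summary of hacker intrusion methods and the principles of intrusion detection systems, this paper classifies existing intrusion detection systems, analyzes their strengths and weaknesses, and discusses development trends and research directions for intrusion detection systems.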
2.
3.
4.
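Research on Issues Related to Intrusion Detection Systems (total citations: 1; self-citations: 0; citations by others: 1)
The article explains the concept of an intrusion detection system, discusses the problems intrusion detection systems face, proposes corresponding solutions, and looks ahead to their development trends. The active defense adopted by intrusion detection systems is an important means of protecting information system security and has been a research hotspot in the security field in recent years.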
5.
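On the Linux platform, the Snort intrusion detection system relies on Libpcap to capture packets. Among the various methods for improving intrusion detection system performance, raising packet capture efficiency is the most important and fundamental. This paper first analyzes the network packet capture mechanism on Linux, then outlines an approach to improving Snort's performance using NAPI and memory-mapping techniques.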
6.
7.
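To make intrusion detection intelligent, data mining techniques are introduced into the intrusion detection system. The paper focuses on the application of its main techniques, association rules and classification algorithms, to intrusion detection.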
8.
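Using artificial immune mechanisms to address intrusion detection and computer virus defense has become a frontier topic in computer security research. The paper first analyzes in detail the hacker attack process, anomaly-based intrusion detection techniques, data encryption techniques and network techniques, and focuses on the security technologies of the broadband and wireless networks now in wide use.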
9.
10.
11.
12.
13.
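This paper explains the concept of the computer network hacker, briefly analyzes how hackers break into computer systems, and introduces the intrusion detection system (IDS), including the concept, principles and main components of intrusion detection, what intrusion detection covers, the actions an IDS takes after detecting an intrusion, where in the network an IDS should be placed, and how an IDS works together with other security measures in the network.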
14.
15.
Address Resolution Protocol (ARP) is used for determining the link layer or Medium Access Control (MAC) address of a network host, given its Internet Layer (IP) or Network Layer address. ARP is a stateless protocol and any IP-MAC pairing sent by a host is accepted without verification. This weakness in the ARP may be exploited by malicious hosts in a Local Area Network (LAN) by spoofing IP-MAC pairs. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose a Discrete Event System (DES) approach for Intrusion Detection System (IDS) for LAN specific attacks which do not require any extra constraint like static IP-MAC, changing the ARP etc. A DES model is built for the LAN under both a normal and compromised (i.e., spoofed request/response) situation based on the sequences of ARP related packets. Sequences of ARP events in normal and spoofed scenarios are similar thereby rendering the same DES models for both the cases. To create different ARP events under normal and spoofed conditions the proposed technique uses active ARP probing. However, this probing adds extra ARP traffic in the LAN. Following that a DES detector is built to determine from observed ARP related events, whether the LAN is operating under a normal or compromised situation. The scheme also minimizes extra ARP traffic by probing the source IP-MAC pair of only those ARP packets which are yet to be determined as genuine/spoofed by the detector. Also, spoofed IP-MAC pairs determined by the detector are stored in tables to detect other LAN attacks triggered by spoofing namely, man-in-the-middle (MiTM), denial of service etc. The scheme is successfully validated in a test bed.
16.
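The paper introduces the working principle of a Z-scan measurement system used to study and measure the nonlinear optical properties of materials. The hardware and software of the Z-scan measurement system were designed. Using a microcontroller and a PC, the system implements stepper motor state control and the acquisition, processing, storage and graphical display of measurement data. Practical use shows that the system meets the design requirements and performs well.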