Similar literature
20 similar documents found; search time 15 ms
1.
王渊  马骏 《计算机仿真》2007,24(2):33-36
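Database auditing is an important component of database security. It comprises two parts: log recording and log analysis. However, traditional database audit systems are often just simple logging systems with no ability to analyze the logs. Even where audit analysis capability exists, it often suffers from insufficient semantics and is difficult to define. The DBIDAUD model uses intrusion detection methods to provide database audit analysis. The model contains a rule base that defines intrusion detection knowledge, and auditors customize the system's security policy by customizing the rule base. The model has rich semantics and high efficiency, and can be used to implement audit systems for high-security databases. The domestically developed OSCARSEC secure database uses DBIDAUD to implement its audit center subsystem, which meets the requirements of level 4 of the national security standard and has been widely applied within the aerospace sector.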

2.
《Computer Networks》1999,31(8):805-822
Intrusion-detection systems aim at detecting attacks against computer systems and networks, or against information systems in general, as it is difficult to provide provably secure information systems and maintain them in such a secure state for their entire lifetime and for every utilization. Sometimes, legacy or operational constraints do not even allow a fully secure information system to be realized at all. Therefore, the task of intrusion-detection systems is to monitor the usage of such systems and to detect the apparition of insecure states. They detect attempts and active misuse by legitimate users of the information systems or external parties to abuse their privileges or exploit security vulnerabilities. In this paper, we introduce a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This taxonomy defines families of intrusion-detection systems according to their properties. It is illustrated by numerous examples from past and current projects.

3.
Research on common network attack methods and countermeasures   Total citations: 15, self-citations: 1, citations by others: 15
霍宝锋  刘伯莹  岳兵  谢冰 《计算机工程》2002,28(8):9-11,216
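This paper surveys common network attack methods, analyzes five major categories of attacks (probe, denial of service, R2L, U2R, and data), and examines in detail important attack methods such as SYN Flooding, DDoS, IP spoofing, Trojan, buffer overflows, and TCP hijacking. Finally, it proposes an "intrusion detection model based on audit records" as a countermeasure to network security attacks.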

4.
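Intrusion detection is an emerging network security technology that actively identifies network intrusions, and it has strong vitality. This paper introduces the functional structure, classification, and working principles of intrusion detection technology, analyzes the need to deploy it in information systems, and gives an outlook on its future development.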

5.
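Real-time alarming for secure operating systems   Total citations: 5, self-citations: 0, citations by others: 5
This paper proposes a method for real-time alarming in a secure operating system. It first monitors the audit event sequences generated while the system is in a normal state to obtain the system's normal state, i.e., the normal library. Then, using the normal library as the baseline, it monitors in real time the audit event sequences the system generates, and raises an alarm if an audit event sequence deviating from the normal library is found.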

6.
The authors evaluate research and development in the design of expert systems for the audit domain, providing an overview of the domain of expert judgment involved in the audit process. A framework used to present and analyze work to date and to guide future efforts is constructed. Methods of knowledge acquisition being used to develop audit applications are examined. The authors address knowledge representation for the audit domain. Most systems developed for auditing are rule-based systems. Currently, however, other representational forms are being tested that may be more appropriate for dealing with audit complexity. Progress being made in expert system validation is considered, and the current state of development and directions for future efforts are briefly discussed.

7.
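Based on an analysis of the shortcomings of traditional intrusion detection systems, this paper proposes a DoS attack detection and audit system based on the Linux operating system. The network security detection module uses statistical methods to detect DoS attacks launched from the internal network, the network behavior regulation module filters users' access to illegal websites, and the network behavior audit module records illegal behavior by internal network users. Experiments show that, compared with traditional intrusion detection systems, the system can effectively detect DoS attacks, regulate network users' behavior, and effectively audit illegal network behavior.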

8.
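To solve the problems in measuring the water content of crude oil, an intelligent detection system based on multi-sensor technology is proposed. It measures the moisture, temperature, and water mineralization of crude oil, and uses a hybrid expert network to intelligently fuse the multi-sensor information in order to improve the accuracy of water content detection. The proposed hybrid expert network adopts advanced techniques such as expert decision-making and multi-neural-network ensembles, and the expert sub-networks combine the LM algorithm with the optimal stopping method to determine the best network weights and improve the generalization ability of the model. Simulation results show that the hybrid expert network model performs well in a crude oil water content measurement system and achieves high measurement accuracy.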

9.
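Security design and research of multi-agent expert systems   Total citations: 1, self-citations: 0, citations by others: 1
To address the security threats faced by multi-agent expert systems, this paper proposes a security architecture for a single agent and a security architecture model for multi-agent expert systems. Using a container sandbox model, role-based access control is implemented for the multi-agent expert system. The practical application of PKI in multi-agent expert systems is discussed, and on that basis the identity authentication, secure communication, security management, security audit, and security recovery mechanisms of multi-agent expert systems are studied. Development practice shows that the system has low resource usage, high security, good stability, and strong scalability, and can be applied to intelligent security management of enterprise networks, e-commerce, and other fields.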

10.
Network intrusion detection based on system calls and data mining   Total citations: 1, self-citations: 0, citations by others: 1
Anomaly intrusion detection is currently an active research topic in the field of network security. This paper proposes a novel method for detecting anomalous program behavior, which is applicable to host-based intrusion detection systems monitoring system call activities. The method employs data mining techniques to model the normal behavior of a privileged program, and extracts normal system call sequences according to their supports and confidences in the training data. At the detection stage, a fixed-length sequence pattern matching algorithm is utilized to perform the comparison of the current behavior and historic normal behavior, which is less computationally expensive than the variable-length pattern matching algorithm proposed by Hofmeyr et al. At the detection stage, the temporal correlation of the audit data is taken into account, and two alternative schemes could be used to distinguish between normalities and intrusions. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for online detection. It has been applied to practical host-based intrusion detection systems, and has achieved high detection performance.

12.
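Analysis and design of a UML-based audit system   Total citations: 1, self-citations: 0, citations by others: 1
UML is a standard modeling language that supports object-oriented analysis and design. Auditing is an important component of a secure database system and plays a very important role in supervising the normal operation of the system, controlling user behavior, detecting potential attacks, and analyzing the causes of incidents. Through the analysis and design of a UML-based audit system, this paper demonstrates the application of UML modeling in system development, and also offers a useful reference for the development of B1-level audit systems.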

13.
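Research on the application of data mining techniques in intrusion detection   Total citations: 2, self-citations: 0, citations by others: 2
With the rapid development of the Internet, many new network attacks keep emerging. Traditional expert-system-based intrusion detection systems, built manually and from experience, face challenges from new attack methods and system upgrades and can hardly meet current application requirements. It is therefore necessary to find a method that can automatically discover intrusion patterns from large volumes of network data in order to detect intrusions effectively. The main idea of this method is to use data mining to extract, from preprocessed audit data containing network connection information, rules that can distinguish normal activity from intrusions. These rules can later be used to detect intrusive behavior. This paper applies data mining techniques to intrusion detection and discusses some of the key algorithms involved. Finally, an intrusion detection model based on data mining is proposed. Experiments show that, compared with traditional systems, the model has certain advantages in adaptability and scalability.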

14.
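An intrusion detection system model based on artificial immune principles   Total citations: 8, self-citations: 0, citations by others: 8
Based on the principles of artificial immunology, this paper designs an intrusion detection system model, together with related algorithms, that combines natural immunity with a vaccination mechanism. The algorithm takes full account of the intrusion information contained in the payload of data packets and introduces the vaccination mechanism into intrusion detection, strengthening the intrusion detection system's ability to recognize unknown attacks. The proposed method also offers a new line of research for the field of network security.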

15.
The process of learning the behavior of a given program by using machine-learning techniques (based on system-call audit data) is effective to detect intrusions. Rule learning, neural networks, statistics, and hidden Markov models (HMMs) are some of the kinds of representative methods for intrusion detection. Among them, neural networks are known for good performance in learning system-call sequences. In order to apply this knowledge to real-world problems successfully, it is important to determine the structures and weights of these call sequences. However, finding the appropriate structures requires very long time periods because there are no suitable analytical solutions. In this paper, a novel intrusion-detection technique based on evolutionary neural networks (ENNs) is proposed. One advantage of using ENNs is that it takes less time to obtain superior neural networks than when using conventional approaches. This is because they discover the structures and weights of the neural networks simultaneously. Experimental results with the 1999 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation (IDEVAL) data confirm that ENNs are promising tools for intrusion detection.

16.
Logistics information system auditing using expert system technology   Total citations: 8, self-citations: 0, citations by others: 8
This paper brings together two methodological strands of thinking. These are the managerial problem solving methodology of Logistics Information System auditing and the structured development of expert system technology. The investment being made in logistics in organizations is enormous and, although much effort has been devoted to creating structured methods to aid the development of information systems to support these organizations' logistics, the area of Logistics Information System auditing remains less developed.

The major aim of this paper is to provide a systemic approach of the application of expert system technology to Logistics Information System auditing. Taking a strategic view of Management Information System (MIS) in logistics, this paper describes the application of INFAUDITOR, an audit expert system, to logistics information systems auditing.

INFAUDITOR has two fundamental features. First, it covers all domains of information systems, managerial (like logistics) as well as technical aspects. Secondly, it helps to determine, in a given audit situation, the respective importance that should be given to the different audit domains and tests of control. INFAUDITOR can be viewed as consisting of several expert systems as in blackboard systems. Its fact bases include the characteristics of the enterprise, its logistics information system and the audit objectives. Its rule bases encompass the audit criteria represented as a hierarchical tree.

INFAUDITOR is used to assess the ability of a Logistics Information System (LIS) to provide decision makers with relevant, timely information for designing, planning and maintaining an efficient production system, for securing materials necessary for production, and for facilitating achievement of low operating and maintenance costs. We present and discuss results obtained by using INFAUDITOR in auditing the logistics Management Information System of a large European company.


17.
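Anomaly detection of user behavior based on pattern mining   Total citations: 50, self-citations: 0, citations by others: 50
Behavior patterns usually reflect a user's identity and habits. This paper describes a method that applies association analysis and sequence mining from data mining to mine user behavior patterns from the shell commands users execute in Telnet sessions. It analyzes the shortcomings of the traditional correlation function method when applied to comparing sequence patterns, and proposes a pattern comparison algorithm based on a recursive correlation function. Anomalies in user behavior are detected according to the similarity between the user's historical behavior patterns and current behavior patterns. Finally, the corresponding experimental results are given.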

18.
This paper compares the efficiency of two intelligent methods: expert systems and neural networks, in detecting children’s mathematical gift at the fourth grade of elementary school. The input space for the expert system and the neural network model consisted of 60 variables describing five basic components of a child’s mathematical gift identified in previous research. The expert system estimated a child’s gift based on heuristically defined logic rules, while the scientifically confirmed psychological evaluation of gift based on Raven’s standard progressive matrices was used at the output of neural network models. Three neural network algorithms were tested on a Croatian dataset. The results show that both the expert system and the neural network recognize more pupils as mathematically gifted than teachers do. The expert system produces the highest average hit rate, although the highest accuracy in classifying gifted children is obtained by the radial basis neural network algorithm, which also yields lower type II error. Due to the ability of expert systems to explain the result, it can be suggested that both the expert system and the neural network model have potential to serve as effective intelligent decision support tools in detecting mathematical gift in early stage, therefore enabling its further development.

19.
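Research on a redundancy checking method for expert system rule bases   Total citations: 1, self-citations: 0, citations by others: 1
Production rules are currently one of the more widely used knowledge representation methods. In an expert system used to determine the structure of a hybrid soft-sensor model for biomass in a fermentation process, redundancy that arises when new rules are added to the production-rule knowledge base affects both the efficiency and the accuracy of inference. This paper proposes a redundancy checking method for the rule base of this expert system and describes how redundant rules are identified, how they are handled, and how the redundancy check is implemented. Experimental results show that the method can determine, from the input conditions and existing rules, whether a newly added rule is redundant, and that, while eliminating the effect of redundancy on inference efficiency, it reduces model complexity and helps optimize the structure of the hybrid model.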

20.
A novel model of an intelligent network image content monitoring system   Total citations: 1, self-citations: 0, citations by others: 1
许强  赵宏  江早 《软件学报》2002,13(3):424-432
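To address the insufficient ability of current network security systems to monitor image information, this paper proposes an intelligent network security monitoring system model based on image content. The model adopts information feedback and knowledge assistance mechanisms, uses an image retrieval algorithm based on contour feature extraction and multi-agent technology as the core of the image content monitoring and analysis model, and uses a security audit mechanism based on a genetic algorithm to intelligently mine and audit historical monitoring data and rules. It can thus monitor image information in the network accurately and in real time, improving the operational reliability and security of the network system. A prototype description and implementation of the model are also given.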
