共查询到20条相似文献,搜索用时 109 毫秒
1.
网络攻击追踪方法的分析与系统模型的建立 总被引:2,自引:0,他引:2
目前 ,计算机网络安全问题越来越严重。入侵检测是识别网络攻击的主要手段 ,现有的入侵检测系统可以检测到大多数基于网络的攻击 ,但不能提供对真实攻击来源的有效追踪。本文分析了IP地址追踪方法 ,结合现有的入侵检测技术提出了网络攻击源追踪系统的模型 ,阐述了该系统的体系结构和各部分的主要功能 ,给出了利用相关性分析对攻击者的攻击路径进行回溯的基本思想 ,对网络安全管理具有一定的借鉴意义。 相似文献
2.
3.
当前网络安全问题是一个瓶颈问题,在网络入侵检测中机器学习可以看作是为了通过学习和积累经验提高攻击检测系统的性能而建立的计算机程序。机器学习应用于网络攻击检测,对网络的大量数据进行分析并通过学习算法自动产生规则,从而使网络具有自动识别攻击的能力。本文在详细介绍网络攻击检测系统机器学习原理的基础上,对现有的各种方法进行了评述并结合网络攻击检测的应用需求,阐述了网络攻击检侧系统机器学习技术的发展方向。 相似文献
4.
网络攻击图是用数学方法对网络状态进行抽象得到的图结构。对网络攻击图的分析在入侵检测及网络攻击预警方面有着广泛的应用前景。在引入网络攻击图的概念和贝叶斯网的分析方法后,可对传统的攻击图生成和分析方法进行改进并得到基于节点置信度的攻击图生成和分析方法。该方法在进行网络入侵告警的同时,能够对未来的网络入侵概率和网络入侵方向进行预测,指导安全人员对网络入侵防御进行反应。 相似文献
5.
网络攻击方式的分析及相应的防御策略的研究 总被引:3,自引:0,他引:3
论文中列举了目前网络攻击的几种典型方式,分析了其攻击原理.结合实用的防火墙、入侵检测系统和系统本身的安全管理,针对有代表性的网络攻击方式,讨论和分析了它们具体的防御策略。 相似文献
6.
网络攻击越来越复杂,入侵检测系统产生大量告警日志,误报率高,可用性低。为此,论文提出采用聚类分析、关联挖掘算法和基于彩色Petri网的联合挖掘多步骤攻击方法进行IDS告警关联,从宏观和微观攻击轨迹角度重建攻击场景,提高了入侵检测系统的可用性。 相似文献
7.
8.
随着网络的不断发展,网络攻击工具越来越多,有的攻击工具自动化程度较高,甚至可以针对性地对IPv6漏洞进行攻击,在这种形势下,网络安全入侵检测技术应运而生。文章从IPv6协议和网络安全入侵检测技术的概念入手,分析基于IPv6协议的网络安全入侵检测技术的应用。 相似文献
9.
10.
11.
Standard pattern-matching methods used for deep packet inspection and network security can be evaded by means of TCP and IP fragmentation. To detect such attacks, intrusion detection systems must reassemble packets before applying matching algorithms, thus requiring a large amount of memory and time to respond to the threat. In the literature, only a few efforts proposed a method to detect evasion attacks at high speed without reassembly. The aim of this article is to introduce an efficient system for anti-evasion that can be implemented in real devices. It is based on counting Bloom filters and exploits their capabilities to quickly update the string set and deal with partial signatures. In this way, the detection of attacks and almost all of the traffic processing is performed in the fast data path, thus improving the scalability of intrusion detection systems. 相似文献
12.
Bharathi Retnaswamy Krishna Kumar Ponniah 《International Journal of Communication Systems》2016,29(17):2490-2502
Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. Intrusion is an unauthorized activity in a network, which is achieved by either active manner (information gathering) or passive manner (harmful packet forwarding). Most of the existing intrusion detection system (IDS) suffers from the following issues: it is usually adjusted to detect known service level network attacks and leaves from vulnerable to original and novel malicious attacks. Thus, it provides low accuracy and detection rate, which are the important problems of existing IDS. To overwhelm these drawbacks, an ontology‐based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect the network attacks with the help of multiple detection agents. In this analysis, there are 3 different types of agents, ie, IDS broker, deputy commander, and response agent, which are used to prevent and detect the attacks in a network. The novel concept of this work is based on the concept of signature matching; it identifies and detects the attackers with the help of multiple agents. 相似文献
13.
This paper discusses the use of intrusion detection systems to protect against the various threats faced by computer systems by way of worms, viruses and other forms of attacks. Intrusion detection systems attempt to detect things that are wrong in a computer network or system. The main problems of these systems, however, are the many false alarms they produce, their lack of resistance to both malicious attacks and accidental failures, and the constant appearance of new attacks and vulnerabilities. IBM Zurich Research Laboratory has developed a system that specifically targets worms rather than trying to prevent all breaches of computer security. Called Billy Goat, the specialized worm detection system runs on a dedicated machine connected to the network and detects worm-infected machines anywhere in it. Billy Goat has been proven effective at detecting worm-infected machines in a network. It is currently used in several large corporate intranets, and it is normally able to detect infected machines within seconds of their becoming infected. Furthermore, not only is it able to detect the presence of a worm in the network, it can even provide the addresses of the infected machines. This makes it considerably easier to remedy the problem. 相似文献
14.
《IEEE network》2009,23(1):2-2
This Special Issue is dedicated to the topic of network intrusion detection. The wide use of many varieties of intrusion detection systems reveals a certain degree of acceptance that, despite our best intentions for building secure systems, there is always enough opportunity for attacks, possibly exploiting weaknesses of the very systems we thought to be secure. Moreover, even though attacks usually follow patterns that can be subsequently used to detect them, they also happen to be the product of intelligent adversaries ? humans. The ability to orchestrate ever more elaborate attacks, exhibiting patterns not seen before, means that we expect an IDS to be ready to discern new patterns found to be conceivably detrimental to the security requirements of a system. Intrusion detection systems are sometimes criticized as doing too little too late. However, there are cases where even a late response is better than no response at all. 相似文献
15.
基于克隆选择聚类的入侵检测 总被引:1,自引:1,他引:1
白琳 《微电子学与计算机》2007,24(3):135-137,141
提出基于克隆选择的模糊聚类算法,将该聚类算法用于网络入侵检测。针对入侵数据的混合属性改进距离测度的计算方法,实现了对大规模混合属性原始数据的异常检测,并能有效检测到未知攻击。在KDDCUP99数据集中进行了对比仿真实验,实验结果表明算法对已知攻击和未知攻击的检测率以及算法的误誊率都是理想的。 相似文献
16.
This paper describes the design and implementation of protocol scrubbers. Protocol scrubbers are transparent, interposed mechanisms for explicitly removing network scans and attacks at various protocol layers. The transport scrubber supports downstream passive network-based intrusion detection systems by converting ambiguous network flows into well-behaved flows that are unequivocally interpreted by all downstream endpoints. The fingerprint scrubber restricts an attacker's ability to determine the operating system of a protected host. As an example, this paper presents the implementation of a TCP scrubber that eliminates insertion and evasion attacks-attacks that use ambiguities to subvert detection-on passive network-based intrusion detection systems, while preserving high performance. The TCP scrubber is based on a novel, simplified state machine that performs in a fast and scalable manner. The fingerprint scrubber is built upon the TCP scrubber and removes additional ambiguities from flows that can reveal implementation-specific details about a host's operating system. 相似文献
17.
Several new attacks have been identified in CRNs such as primary user emulation, dynamic spectrum access (DSA), and jamming attacks. Such types of attacks can severely impact network performance, specially in terms of the over all achieved network throughput. In response to that, intrusion detection system (IDS) based on anomaly and signature detection is recognized as an effective candidate solution to handle and mitigate these types of attacks. In this paper, we present an intrusion detection system for CRNs (CR-IDS) using the anomaly-based detection (ABD) approach. The proposed ABD algorithm provides the ability to effectively detect the different types of CRNs security attacks. CR-IDS contains different cooperative components to accomplish its desired functionalities which are monitoring, feature generation and selection, rule generation, rule based system, detection module, action module, impact analysis and learning module. Our simulation results show that CR-IDS can detect DSA attacks with high detection rate and very low false negative and false positive probabilities. 相似文献
18.
针对基于无线传感网络(WSN)的关键基础设施安全监测问题,提出一种基于数据融合阶段的自适应入侵检测算法。该算法以基于权重的簇化网络结构为基础,利用异常检测子系统和误用检测子系统分别检测已知攻击和未知攻击,然后通过跟踪2个子系统接收操作特征(ROC)和奖惩机制,自动调整转发至2个子系统的融合数据比例,即可实现在数据融合阶段对关键基础设施的自适应入侵检测。仿真分析表明:该算法的准确率和检测率高达99.6%和94.9%以上,与其他经典入侵检测系统相比,可分别至少提高0.5%和10.2%左右。 相似文献
19.
Tartakovsky A.G. Rozovskii B.L. Blazek R.B. Hongjoong Kim 《Signal Processing, IEEE Transactions on》2006,54(9):3372-3382
Large-scale computer network attacks in their final stages can readily be identified by observing very abrupt changes in the network traffic. In the early stage of an attack, however, these changes are hard to detect and difficult to distinguish from usual traffic fluctuations. Rapid response, a minimal false-alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. In this paper, we develop efficient adaptive sequential and batch-sequential methods for an early detection of attacks that lead to changes in network traffic, such as denial-of-service attacks, worm-based attacks, port-scanning, and man-in-the-middle attacks. These methods employ a statistical analysis of data from multiple layers of the network protocol to detect very subtle traffic changes. The algorithms are based on change-point detection theory and utilize a thresholding of test statistics to achieve a fixed rate of false alarms while allowing us to detect changes in statistical models as soon as possible. There are three attractive features of the proposed approach. First, the developed algorithms are self-learning, which enables them to adapt to various network loads and usage patterns. Secondly, they allow for the detection of attacks with a small average delay for a given false-alarm rate. Thirdly, they are computationally simple and thus can be implemented online. Theoretical frameworks for detection procedures are presented. We also give the results of the experimental study with the use of a network simulator testbed as well as real-life testing for TCP SYN flooding attacks. 相似文献
20.
入侵检测是近几年发展起来的新型网络安全策略,它实现了网络系统安全的动态检测和监控,但是它具有漏报、误报和无法检测新型攻击的缺点,蜜罐的引入使得这种情况得到改善。介绍了Honeypot技术的原理和分类,并提出了一种可行的设计方案,通过Honeypot和入侵检测系统的结合应用来增强入侵检测系统的性能。 相似文献