Similar literature
20 similar documents found.
1.
With the continual increase in network intrusion incidents and the rising sophistication of hacker attacks, traditional firewalls and intrusion detection technology (IDS) have become inadequate, and a new technology, the Intrusion Prevention System (IPS), needs to be introduced. Building on an analysis of the shortcomings of IDS, this paper discusses the working principles and technical characteristics of IPS and the challenges it faces, and explores strategies for future in-depth network security protection.

2.
Peter Stephenson
The concept of link analysis is fundamental in the tracing of various types of fraud. However, it is also quite useful for working out the suspected path of an attack. For link analysis to work well you will need a lot of data: the more data points you have that you know you can depend upon, the better your chances of getting a reasonable back trace. In this month's column we will discuss some techniques that you can use to perform a trace back to a suspected attacker. The reader should take note that there are reasons why this won't work in some cases (we'll cover those) and why you will need corroboration in any event.

3.
At its centennial in 2001, the American Philosophical Association bravely proclaimed: "Philosophy Matters." But does it? It won't unless it reaches the concreteness of everyday life. To do so was Martin Heidegger's ambition, and one can read Saul Kripke's books as an attempt to get mainstream American philosophy beyond its abstractions. At length, Kripke's efforts, on one reading, failed while Heidegger's remained incomplete. A theory of commodification can get us closer to the things that matter to us in everyday life.

4.
Based on the application characteristics of small e-commerce systems, this paper analyzes how to design an intrusion detection system suited to them. To this end, Windows system information was studied in depth, and pattern matching from misuse detection together with statistical and data-mining methods from anomaly detection were adopted for anomaly detection. Finally, a host-based distributed intrusion detection system is proposed. Testing shows that an intrusion detection system with this architecture can defend against internal and external attacks, can interoperate with a firewall, and minimizes the damage to the system when an anomaly occurs; it is suitable for small e-commerce systems on the Windows platform.

5.
An Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. A Distributed IDS (DIDS) consists of several IDSs over one or more large networks, all of which communicate with each other or with a central server that facilitates advanced network monitoring. In a distributed environment, DIDS are implemented using cooperative intelligent agents distributed across the network(s). This paper evaluates three fuzzy rule-based classifiers for detecting intrusions in a network. The results are then compared with other machine learning techniques such as decision trees, support vector machines, and linear genetic programming. Further, we model a Distributed Soft Computing-based IDS (D-SCIDS) as a combination of different classifiers to build lightweight and more accurate (heavyweight) IDS. Empirical results clearly show that the soft computing approach can play a major role in intrusion detection.

6.
As Wireless Sensor Networks (WSNs) become increasingly popular, an Intrusion Detection System (IDS) is needed to detect internal malicious sensor nodes. Because sensor nodes have limited computation, communication, and energy capabilities, selecting a detection strategy that lowers resource consumption determines whether the IDS can be used in practice. In this paper, we adopt a distributed-centralized network in which each sensor node is equipped with an IDS agent, but only the IDS agent residing in a Cluster Head (CH) with sufficient energy is launched. We then apply the signaling game to construct an Intrusion Detection Game that models the interactions between a malicious sensor node and a CH-IDS agent, and seek its equilibria for the optimal detection strategy. We illustrate the stage Intrusion Detection Game at an individual time slot in terms of its players' utilities, pure-strategy Bayesian-Nash equilibrium (BNE) and mixed-strategy BNE. Under these BNEs the CH-IDS agent is not always on the Defend strategy, so the power of the CH can be saved. As the game evolves, we extend the stage Intrusion Detection Game into a multi-stage dynamic Intrusion Detection Game in which, based on Bayesian rules, the beliefs about the malicious sensor node can be updated. From the current belief and the Perfect Bayesian Equilibrium (PBE), the best response strategy for the CH-IDS agent can be obtained. We then propose an intrusion detection mechanism and a corresponding algorithm. We also study the properties of the multi-stage dynamic Intrusion Detection Game by simulation. The simulation results show the effectiveness of the proposed game: the CH-IDS agents are able to select their optimal strategies to defend against the malicious sensor nodes' Attack action.

7.
严辉, 沈士根, 曹奇英. 《计算机工程》 (Computer Engineering), 2012, 38(7): 110-112, 115
Most intrusion detection systems have a weak ability to predict attack behavior and cannot respond to attacks proactively in real time. To address this problem, an attack prediction model based on repeated games is proposed. A stage-game model between the intruder and the intrusion detection system is established, the Nash equilibrium of the stage game is given, and the subgame perfect Nash equilibrium under the repeated game is derived. A Quantal Response Equilibrium (QRE) model is used to predict the probabilities with which the attacker and the defender choose each strategy in game stages 1 to t, and the prediction results are obtained through analysis with Gambit. Simulation results based on GloMoSim show that the QRE equilibrium model predicts better than the Nash equilibrium model.

8.
The development trend of intrusion detection: from IDS to IMS
Intrusion detection systems (IDS) have been widely deployed in recent years, but many people still have a relatively vague understanding of them. This paper analyzes intrusion detection in detail from the perspectives of the position of IDS, the development of intrusion detection technology, its application, the entry of intrusion detection into the IMS era, and the characteristics of that era. In the future, IMS can help users build a dynamic, in-depth, trusted supervision system that gives them a grasp of the overall network security picture.

9.
A three-dimensional IDS evaluation index system is proposed. The index system can objectively and comprehensively evaluate, in quantitative terms, the characteristics and performance of an IDS in all its aspects, and the evaluation results obtained with it have good reference value. The research results are of significant value and help to the design and evaluation of IDS.

10.
Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what countermeasures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures.
Correspondence and offprint requests to: G. Helmer, Department of Computer Science, 226 Atanasoff Hall, Iowa State University, Ames, Iowa 50011, USA. Email: ghelmer@cs.iastate.edu

11.
Alarm correlation definition for distributed IDS
Networks are growing ever larger. Traditional IDS often suffer from high false-negative and false-positive rates and from alarms that are too low-level, so they cannot reflect the security posture of the whole system promptly and accurately. Network administrators have to face massive volumes of raw alarm information and search for possible security threats and attack sources as if looking for a needle in a haystack. This paper first discusses the shortcomings of existing IDS and then gives a definition of alarm correlation. The results of this paper have been applied in the "Network Security Monitoring and Early Warning System" (a Tenth Five-Year Plan 863 Program project) and are an important reference for the design of alarm correlation in distributed intrusion detection systems.

12.
Key feature extraction for NIDS using GA and SVM
Intrusion detection is an important component of network information security systems, and the number of detection features is an important factor affecting the performance of the whole intrusion detection system. A method for reducing redundant features and determining key features is introduced. Taking detection accuracy as the criterion, the method searches for the optimum with a genetic algorithm (GA), evaluates candidates with a support vector machine (SVM), and ranks feature importance on statistical principles. Finally, following the ranking, redundancy is reduced according to changes in detection accuracy and misclassification rate, and the key features are determined. The experimental results are satisfactory and, compared with references [1,2], fewer key features are needed, showing that the method is sound and fully feasible.

13.
Research on network data capture technology in intrusion detection systems
Network data capture is a fundamental component of intrusion detection systems. After an intrusion detection system captures data, it first filters out useless data through a filtering mechanism and then performs protocol analysis and pattern matching on the data to detect the occurrence of attacks. This paper analyzes the popular network data capture tool Libpcap in detail; the tool is only suitable for ordinary network environments and cannot meet the needs of high-speed intrusion detection systems. Therefore, this paper also studies and experiments with zero-copy technology and implements it successfully, meeting the requirements of high-speed intrusion detection systems at the software level.

14.
There are currently three main techniques for web page anti-tampering and automatic recovery: time polling, event triggering combined with core embedding, and file filtering combined with event triggering. All three monitor the target files and restore the original file from a backup when the target file is tampered with, but none of them protects the backup files; if the backup is destroyed, the original web page file cannot be recovered properly. Therefore, building on the file filtering plus event triggering technique, this paper studies how to use three methods, MD5 checksums, DES encryption, and file renaming, to protect the security of the backup files.

15.
In this column, we will take a somewhat different approach from previous columns. Instead of dealing with one issue, we'll discuss several. If you prefer this approach, let us know. If you prefer the other, let us know. If you don't care either way, let us know. If we don't hear from you, I will take that as an overwhelming approval from you, our favourite customers, that you think I should do it the way I want to do it.

16.
In "Why We Need Friendly AI", Luke Muehlhauser and Nick Bostrom propose that for our species to survive the impending rise of superintelligent AIs, we need to ensure that they would be human-friendly. This discussion note offers a more natural but bleaker outlook: that in the end, if these AIs do arise, they won't be that friendly.

17.
As soon as the Intrusion Detection System (IDS) detects any suspicious activity, it generates several alarms referring to security breaches. Unfortunately, the triggered alarms are usually accompanied by a huge number of false positives. In this paper, we use root cause analysis to discover the root causes that make the IDS trigger these false alarms; most of these root causes are not attacks. Removing the root causes improves alarm quality in the future. A root cause instigates the IDS to trigger alarms that almost always have similar features. These similar alarms can be clustered together; consequently, we have designed a new clustering technique to group IDS alarms and produce clusters. Each cluster is then modeled by a generalized alarm. The generalized alarms related to root causes are converted (by the security analyst) into filters in order to reduce the future alarm load. The suggested system is a semi-automated system that helps the security analyst specify the root causes behind these false alarms and write accurate filtering rules. The proposed clustering method was verified with three different datasets, and the average reduction ratio was about 74% of the total alarms. Applying the new technique to an alarm log greatly helps the security analyst identify the root causes, and thus reduces the alarm load in the future.

18.
The remote web-page Trojan (挂马) detection system mainly implements real-time monitoring and Trojan detection and removal. It currently has six main functions: file management, screen monitoring, keystroke logging, remote terminal, system management, and web-page Trojan detection and removal. It does not affect the normal operation of the server-side system while monitoring and scanning it and does not slow down the server system; at the same time, the remote Trojan detection does not implant any backdoor Trojan into the server-side system, ensuring the system security of the remote computer.

19.
The staged K-neighbor model (KNS) is a data-mining model that can be used in intrusion detection systems. KNS first divides node states into different stages, then finds for each node its K neighbors within the same stage and its neighbors in other stages, and finally performs statistical mining on the relevant attributes of the within-stage neighbors and the cross-stage neighbors, ultimately obtaining a stage evaluation value for each node. In the experiments the KNS model is applied to an intrusion detection system based on WLAN packets, and by comparing whether a node's stage evaluation value is …

20.
Research on attack detection technology for a network security strategic early-warning system
The attack detection system is an important component of the network security strategic early-warning system. It starts from existing intrusion detection systems (IDS), applies current civilian technology to develop more advanced IDS, and extends the data inputs from logical intrusions to physical, psychological, and intelligence attacks, all of which are part of offensive information warfare. This paper mainly discusses detection techniques suited to large-scale coordinated attacks.
