数据挖掘技术在入侵检测中的应用

数据挖掘技术已在误用检测和异常检测中得到应用。论文介绍了数据挖掘在入侵检测系统研究中的一些关键的技术问题,包括规则挖掘算法、属性集的选择和精简、模糊数据挖掘等。最后深入讨论了入侵检测系统的自适应问题,并提出了相应的解决方法。     

移动Ad Hoc网络入侵检测研究

介绍了移动Ad Hoc网络入侵检测技术的最新研究进展。提出了移动Ad Hoc网络的特点、安全目标及其脆弱性等,分析了Ad Hoc网络中存在的主要安全威胁和 Ad Hoc网络中入侵检测系统结构,并对现有的几种典型Ad Hoc网络入侵检测方案进行了的分类论述,从决策方式、通信机制、检测模式和优缺点几个方面进行综合比较。对移动Ad Hoc中入侵检测技术的选择提出了建设性的建议,并指出了下一步的研究方向。     

主动数据库系统在IDS中的应用模型

利用教据库的主动功能,实现网络层和分析层的接口,提高了网络入侵检测系统(IDS)的分析处理性能,使其达到近实时检测;对主动数据库系统(aDBs)功能结构进行了介绍,并将其应用到IDS中,建立了两层入侵检测体系结构,最后分析并列举IDS中的数据库应具有的主动功能。     

入侵检测技术研究

入侵检测是保护系统安全的重要途径。给出了入侵和入侵检测的概念，说明了入侵检测的必要性，介绍了多种入侵检测方法和数据监测技术以及一些相关技术，最后讨论了该领域今后的发展方向。     

入侵检测系统数据集评测研究

入侵检测技术已经成为信息安全保障体系的重要组成部分。但是到目前为止,还没有广泛认同的入侵检测系统（IDS）评测标准,用户和研究人员对IDS和新的检测算法的有效性抱有疑问。解决这些问题的关键在于对IDS进行完善的评测。研究者对此提出了多种不同的IDS评测方案,如MIT Lincoln Lab提出的数据集评测和Neohapsis提出的OSEC（Open Security Evaluation Criteria）等。通过对评测结果的分析,能发现现有技术的不足,从而为IDS技术今后的研究提供指导。本文对MITLL提出的数据集评测方法进行了详细分析,阐述了数据集评测方法中的关键问题,并在MITLL研究的基础上,提出了相关改进方案,作为进一步的研究。     

A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System

Requirements analysis for an intrusion detection system (IDS) involves deriving requirements for the IDS from analysis of the intrusion domain. When the IDS is, as here, a collection of mobile agents that detect, classify, and correlate system and network activities, the derived requirements include what activities the agent software should monitor, what intrusion characteristics the agents should correlate, where the IDS agents should be placed to feasibly detect the intrusions, and what countermeasures the software should initiate. This paper describes the use of software fault trees for requirements identification and analysis in an IDS. Intrusions are divided into seven stages (following Ruiu), and a fault subtree is developed to model each of the seven stages (reconnaissance, penetration, etc.). Two examples are provided. This approach was found to support requirements evolution (as new intrusions were identified), incremental development of the IDS, and prioritisation of countermeasures. Correspondence and offprint requests to: G. Helmer, Department of Computer Science, 226 Atanasoff Hall, Iowa State University, Ames, Iowa 50011, USA. Email: ghelmer@cs.iastate.edu     

入侵检测系统发展的研究综述

With the fast development of Internet,more and more computer security affairs appear. Researchers have developed many security mechanisms to improve computer security ,including intrusion detection (ID). This paper re-views the history of intrusion detection systems (IDS)and mainstream techniques used in IDS,showing that IDS couldimprove security only provided that it is devised based on the architecture of the target system. From this, we could see the trend of integration of host-oriented ,network-oriented and application-oriented IDSs.     

DMIDS：应用数据挖掘技术的网络入侵检测系统实现

当前入侵检测技术在网络流量剧增和入侵手段不断变化的情况下，往往无法精确、高效地描述入侵行为、正常行为和异常行为。针对这一不足，提出一种应用数据挖掘技术进行入侵检测模型的构建的方法，并介绍了模型中应用的相关技术以及一些实验结果。     

入侵检测系统及其在电力企业综合信息网中的应用

本文首先论述了入侵检测系统的原理、分类法及其优缺点,并以电力企业综合信息网为例,重点论述了入侵检测系统的应用,包括入侵检测系统对网络的总体需求和在网络上建设入侵检测系统的总体考虑。     

入侵检测系统评估技术述评

随着对入侵检测技术的深入研究和入侵检测产品的广泛应用，对入侵检测系统的评估成为一个重要的研究领域。本文说明了对入侵检测系统进行评估时的主要评价指标，包括入侵检测系统的检测率和误报、检测范围、检测延迟与负荷能力等方面。介绍了入侵检测评估的相关工作。分析了在1999年DARPA的离线评估中，所使用的测试网络环境和评估模型，并对其进行了评价。讨论了在对检测系统进行评估中的网络流量和主机使用模拟、攻击模拟以及评估报告的生成等关键技术。     

Intrusion detection in voice over IP environments

In this article, we present the design of an intrusion detection system for voice over IP (VoIP) networks. The first part of our work consists of a simple single- component intrusion detection system called Scidive. In the second part, we extend the design of Scidive and build a distributed and correlation-based intrusion detection system called Space Dive. We create several attack scenarios and evaluate the accuracy and efficiency of the system in the face of these attacks. To the best of our knowledge, this is the first comprehensive look at the problem of intrusion detection in VoIP systems. It includes treatment of the challenges faced due to the distributed nature of the system, the nature of the VoIP traffic, and the specific kinds of attacks at such systems. Y.-S. Wu and V. Apte contributed equally to the paper.     

大规模分布式入侵检测系统的研究

现在的入侵检测系统大多存在系统可扩展性差、入侵检测技术单一、缺乏对入侵事件有效的响应机制等问题,难以满足企业对入侵检测系统在规模及有效性上的的需求。文章设计了一种大规模分布式入侵检测系统的整体模型,并在系统中综合运用了多种入侵检测方法和响应机制,使整个系统具有好的规模扩展性、高的入侵检测性能和有效的响应机制。     

改善入侵检测系统响应性能的方法研究

实时响应能力是刻画高速入侵检测技术的主要性能指标之一。本文对入侵检测过程中的各关键环节进行分析和探讨,指出制约入侵检测系统实时响应性能的不利因素,提出了改进方法和措施,指出必须通过软硬件技术的结合才能实现高速入侵检测。     

基于神经网络的高效智能入侵检测系统

描述了一种采用人工神经网络技术的高效实时入侵检测模型，对网络数据处理、神经网络的训练及其算法、神经网络的检测及其算法进行了详细的论述，目的是用神经网络的优势来改进现存入侵检测系统中的一些不足之处，使入侵检测系统效率更高，更具智能化。     

入侵检测的可进化模糊规则分类器研究

随着入侵检测技术(IDS)在网络安全领域的作用越来越重要,将多种软计算方法应用到入侵检测技术中是构建智能入侵检测系统的新途径和尝试。本文将模糊数据挖掘技术和遗传算法相结合,提出一种基于遗传算法的模糊规则反复学习的方法,构造具有自适应能力的分类器,并进一步应用到计算机网络的入侵检测中。仿真测试证明了该方法的有效性。     

Wired and wireless intrusion detection system: Classifications, good characteristics and state-of-the-art

In computer and network security, standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. Intrusion Detection System (IDS) and intrusion prevention systems (IPS) are real-time software for risk assessment by monitoring for suspicious activity at the network and system layer. Software scanner allows network administrator to audit the network for vulnerabilities and thus securing potential holes before attackers take advantage of them.

In this paper we try to define the intruder, types of intruders, detection behaviors, detection approaches and detection techniques. This paper presents a structural approach to the IDS by introducing a classification of IDS. It presents important features, advantages and disadvantages of each detection approach and the corresponding detection techniques. Furthermore, this paper introduces the wireless intrusion protection systems.

The goal of this paper is to place some characteristics of good IDS and examine the positioning of intrusion prevention as part of an overall layered security strategy and a review of evaluation criteria for identifying and selecting IDS and IPS. With this, we hope to introduce a good characteristic in order to improve the capabilities for early detection of distributed attacks in the preliminary phases against infrastructure and take a full spectrum of manual and automatic response actions against the source of attacks.     

分布式入侵检测系统研究与实现

该文提出了综合多种入侵检测与防范技术的分布式网络入侵检测系统平台(DistributedIntrusionDetectionSystemsPlatform,DIDSP)的总体框架,并对基于网络和基于主机的入侵检测系统的实现方法进行了详细讨论。系统采用插件机制,可以很容易地集成新的入侵检测技术,具有良好的可扩展性。     

粗糙集在基于神经网络的入侵检测系统的探讨

随着计算机网络的发展,传统的计算机安全理论己不能适应网络环境的发展变化。传统的入侵检测系统在有效性、适应性和可扩展性方面存在一定的不足。因此,神经网络、遗传算法、粗糙集等理论被不断引入到入侵检测领域,来提高入侵检测的性能。本文主要是在对提高入侵检测能力的有效手段方面作了一些探讨。     

入侵检测技术研究

网络安全足当前的研究热点,入侵检测技术是网络安全中最主要的主动防范技术。该文介绍了入侵检测技术的概念、分类和发展现状;在归纳的基础上,对其核心技术——入侵分析技术进行了深入的分析和比较,给出了多种入侵分析技术有机结合的实例。针对入侵检测发展较晚和没有标准化的现状,提出了入侵检测所面临的最迫切的几个问题,并给出了可能的解决途径。最后对入侵检测系统的发展方向进行展望,结合多种技术提出了一种新的入侵检测框架。     

An Experimental Investigation into the Effectiveness of OOA for Specifying Requirements

The application of object oriented concepts (OO) to the requirements phase of information systems (IS) and software development has been adopted by many proponents of IS and software development methodologies. Although many claims have been made about the effectiveness of OO techniques for improving requirements analysis, very few experimental studies have been done to substantiate these claims. This paper addresses this gap in the literature by conducting an experimental study that attempts to validate the effectiveness of object-oriented analysis (OOA) by comparing it to structured analysis (SA) for producing requirements. We argue that the quality of the requirements specification can be measured and that measurement can be used to compare the effectiveness of OOA and SA. We present an overview of the basic models and principles associated with OOA and SA, a discussion of quality in requirements definition, and a detailed discussion of the research methodology used. A review of relevant research is also presented and directions for further research are suggested. Our findings suggest that the OOA methodology does not necessarily produce better requirements statements.