Similar literature
Found 20 similar documents (search time: 125 ms)
1.
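Intrusion detection systems (IDS) are a new generation of security technology following traditional protective measures such as firewalls and data encryption, and they are being applied more and more widely. Research on their standardization is an inevitable requirement for the development of intrusion detection technology and products; establishing standards helps different IDSs strengthen their ability to share and exchange information and improves communication and cooperation between IDSs. The paper analyzes in detail the Common Intrusion Detection Framework (CIDF) standard and the Intrusion Detection Message Exchange Format (IDMEF) standard, and offers related considerations for standards development in China.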

2.
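There is currently no unified standard for testing intrusion detection system (IDS) products, and the various evaluation bodies differ in their IDS testing methods. The paper discusses IDS testing from the user's perspective, proposes an IDS testing scheme based on the specific application environment, and examines the key techniques and solutions used in the network environment analysis and test environment construction stages of the testing process.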

3.
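A Review of Intelligent Intrusion Detection Techniques   Total citations: 2, self-citations: 0, citations by others: 2
Intrusion detection is a new direction in network security research, and intrusion detection techniques are the core of an intrusion detection system (IDS). Because intelligent intrusion detection techniques are self-learning and self-adaptive, they have become a current research hotspot. The article first briefly describes the historical background of IDS development and its importance, outlines the two classes of detection techniques commonly used in IDS, describes several commonly used intelligent intrusion detection techniques in detail, and points out the shortcomings of current intelligent detection techniques and their future development trends.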

4.
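Analysis and Evaluation of a Cooperative Detection Model for Intrusion Detection   Total citations: 1, self-citations: 0, citations by others: 1
At present, intrusion detection systems (IDS) have a relatively high false alarm rate, which has long been the main problem troubling IDS users. IDSs mainly use two detection techniques, misuse-based and anomaly-based; given the respective strengths of the two techniques and their complementarity, schemes that combine them are increasingly applied in IDSs. By introducing the notion of intrusion detection capability, the paper explains in theoretical terms why system cooperation is necessary, and proposes an IDS model that combines anomaly detection with misuse detection, together with a method for evaluating it. This lowers the false alarm rate produced when a single intrusion detection technique is used alone, thereby improving system security.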

5.
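This paper analyzes the limitations of firewall technology and introduces the concept and classification of IDS as well as IDS data collection mechanisms, in particular the implementation of external and internal sensor collection mechanisms. It provides a reference for theoretical research and the development of related products in China.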

6.
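Intrusion detection systems (IDS) are a current research hotspot. An IDS views system security from the attacker's perspective and has become an indispensable part of the security architecture. However, current IDS detection techniques are not yet mature, and there are methods by which an attacker may bypass IDS detection. The article discusses a so-called stealth attack technique, which is used to attack traditional IDSs based on keyword matching, and then discusses IDS security architecture from the standpoint of how to detect stealth attacks.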

7.
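This paper analyzes the characteristics of mobile ad hoc networks and the requirements they place on IDS, and proposes a mobile-agent-based IDS model for mobile ad hoc networks. Compared with the IDSs currently used in mobile ad hoc networks, the model makes full use of the advantages of mobile agents, saves network resources, improves communication quality, and offers better adaptability and flexibility.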

8.
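Industrial control systems (ICS), which act as the brain of industry, are increasingly being connected to the Internet, but this openness also exposes serious vulnerability problems. Intrusion detection, as an important security defense measure, can discover possible or potential intrusions in a timely manner. Starting from the current state of ICS network security and national laws and policies, the paper first introduces ICS system architecture and its characteristics and gives an introduction to intrusion detection systems (IDS). It then analyzes the current state of research on existing ICS IDS techniques and algorithms from two angles, misuse-based intrusion detection and anomaly-based intrusion detection. Finally, in light of the current development and application of ICS IDS, it gives an outlook on research trends for ICS IDS as a whole.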

9.
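The Development History of Intrusion Detection Systems   Total citations: 1, self-citations: 0, citations by others: 1
The history of research and development of intrusion detection systems (IDS) is compiled from a large body of historical material, providing a reference for understanding the historical course of IDS and for grasping the current hotspots of IDS research and development.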

10.
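Because of the weaknesses of wireless links, the lack of physical protection for nodes, dynamic changes in topology, and the absence of a centralized monitoring point, wireless sensor networks face more security problems. Intrusion detection can serve as a second line of defense to make up for the shortcomings of intrusion prevention, and it is one of the current research hotspots. Drawing on the current state of IDS technology for wireless sensor networks, the article analyzes intrusion detection methods and IDS models in depth and, to address the problems of static IDS models, proposes a dynamic IDS model that offers improvements in security, stability and robustness.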

11.
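A three-dimensional IDS evaluation index system is proposed. The index system can objectively and comprehensively give a quantitative evaluation of the characteristics and performance of every aspect of an IDS, and the evaluation results obtained with it have good reference value. The results of this research are of significant value and help to research on IDS design and evaluation.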

12.
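Research on TCP/IP-Based Intrusion Detection Evaluation Techniques   Total citations: 3, self-citations: 0, citations by others: 3
Evaluation of intrusion detection systems is an important aspect of intrusion detection research. The paper studies how, under the TCP/IP protocols, protocol weaknesses can be used to generate evaluation data layer by layer, and on this basis proposes a segmented, mixed evaluation method for intrusion detection. The main idea of the method is data mixing and evaluation segmentation. Compared with earlier evaluation methods, data mixing makes its evaluation data richer, closer to real environments, and freely extensible; evaluation segmentation simplifies the implementation of the evaluation, causes very little interference with the normal network, and makes it possible to generate some attacks that cannot be generated in particular networks.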

13.
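Liu Junli, Chen Li. Microcomputer Development (《微机发展》), 2005, 15(4): 119-121, 128
Two problems that arise when the standard ART-2 network is applied directly to intrusion detection are pointed out: vectors that are largely similar and differ substantially in only a few components cannot be classified correctly, and features of the input vector are lost. For the specific application of intrusion detection, a corresponding method is proposed in which the input vectors are first normalized and then processed by a newly introduced ART-2 network with a stricter test criterion, in the hope of improving the detection rate and false-detection rate of the intrusion detection system.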

14.
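With the development of intrusion detection technology and products, how to effectively evaluate the effectiveness and reliability of intrusion detection systems has become a hot issue in current network security research. This paper describes some models commonly used in intrusion detection at present and describes their advantages and disadvantages in detail. To address the speed and accuracy problems of current intrusion detection systems, and in combination with the intrusion expected-value model, the optimal reference value of that value is obtained through analysis and derivation. The relationship between the false positive rate, the false negative rate, and the product of the intrusion rate and the number of intrusions is given; from this relationship the value of the product of the intrusion rate and the number of intrusions can be obtained, and this value is of great significance for evaluating the performance of intrusion detection systems. Simulation experiments verify the feasibility of applying the return-expectation-based performance evaluation model to the performance evaluation of intrusion detection systems.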

15.
As the use of intrusion detection systems (IDSs) continues to climb and as researchers find more ways to detect attacks amid a vast ocean of data, the problem of testing IDS solutions has reared its ugly head. Showing that one technique is better than another or training an IDS about normal usage requires test data. As it turns out, collecting or creating such a data set is something of a catch-22. If the data already contains attacks, researchers will train the IDS to see the attacks as normal; the IDS could then fail to register them as malicious events in the future. The most efficient way, however, to determine whether a large data set contains malicious events is to scan it with an existing IDS. Thus, any attacks that the existing IDS fails to find are presented to the new IDS as normal data, leading to potential false negatives. Clearly, breaking this cycle requires an independent source of verifiable attack-free training data with which to train IDSs.

16.
Vehicle ad hoc networks (VANETs) have attracted great interest from both industry and academia, but a number of issues, particularly security, have not been readily addressed. Intrusion Detection System (IDS) as one of the most important approaches to protect network security has been studied adequately in previous literature. However, the performance of IDSs still needs to be improved to adapt to the scenario of VANETs which are very fast moving and highly dynamic. In this paper, we propose a novel IDS that is able to be appropriately used in the wireless and dynamic networks, like VANETs. It mainly contains a novel feature extraction algorithm and a classifier based on an improved growing hierarchical self-organizing map (I-GHSOM) for IDS in VANETs. The proposed feature extraction algorithm is used to quickly extract distinct features from vehicle messages for IDS’s training and test. In the proposed algorithm, two key features including the differences of traffic flow and of position are extracted. The former feature is calculated according to the range of the distance between vehicles, while both a voting filter mechanism and a semi-cooperative mechanism are designed to get the latter feature. Furthermore, in the I-GHSOM-based classifier, for quickly attaining precise classification results, two novel mechanisms (relabeling and recalculating mechanisms) are proposed to relabel the units of GHSOM and check whether the balance of GHSOM structure is broken or not. Simulation results show that the proposed IDS is better than others in the measurement of accuracy, stability, processing efficiency and message scales.

17.
This paper presents a set of distributed algorithms that support an Intrusion Detection System (IDS) model for Mobile Ad hoc NETworks (MANETs). The development of mobile networks has implicated the need of new IDS models in order to deal with new security issues in these communication environments. More conventional models have difficulties to deal with malicious components in MANETs. In this paper, we describe the proposed IDS model, focusing on distributed algorithms and their computational costs. The proposal employs fault tolerance techniques and cryptographic mechanisms to detect and deal with malicious or faulty nodes. The model is analyzed along with related works. Unlike studies in the references, the proposed IDS model admits intrusions and malice in their own algorithms. In this paper, we also present test results obtained with an implementation of the proposed model.

18.
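The development and evaluation of intrusion detection systems (IDS) require a simulated network environment, and network traffic simulation is one of the key technologies involved. Based on a detailed analysis of network traffic simulation techniques and related software, a log-based network background traffic simulation program is designed and implemented, which solves the problems of attack type definition and background traffic in intrusion detection system testing. The software is used to simulate a real network environment in order to test and analyze an intrusion detection system. The experimental results show that the log-based network background traffic simulation software can dynamically replay simulated network traffic data at different speeds on the basis of log information and can modify the log data, which increases the flexibility of intrusion detection system testing.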

19.
The objective of this paper is to construct a lightweight Intrusion Detection System (IDS) aimed at detecting anomalies in networks. The crucial part of building lightweight IDS depends on preprocessing of network data, identifying important features and in the design of efficient learning algorithm that classify normal and anomalous patterns. Therefore in this work, the design of IDS is investigated from these three perspectives. The goals of this paper are (i) removing redundant instances that cause the learning algorithm to be unbiased (ii) identifying suitable subset of features by employing a wrapper based feature selection algorithm (iii) realizing proposed IDS with neurotree to achieve better detection accuracy. The lightweight IDS has been developed by using a wrapper based feature selection algorithm that maximizes the specificity and sensitivity of the IDS as well as by employing a neural ensemble decision tree iterative procedure to evolve optimal features. An extensive experimental evaluation of the proposed approach with a family of six decision tree classifiers namely Decision Stump, C4.5, Naive Bayes Tree, Random Forest, Random Tree and Representative Tree model to perform the detection of anomalous network pattern has been introduced.

20.
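Network security is currently a hotspot of network research. As analysis of computer system weaknesses and intrusion behavior has deepened, intrusion detection systems have come to play an increasingly important role in network security, have become an effective tool for handling network security problems, and serve as an important complement to traditional security protection techniques. The article introduces the significance of research on intrusion detection systems, analyzes the general workflow of an intrusion detection system, and gives several ways of classifying intrusion detection systems. Intrusion detection systems also have their own limitations and face many challenges. The article concludes by describing the key problems that remain to be solved for intrusion detection systems and the important position of intrusion detection systems in network security in China.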
