Found 17 similar articles (search time: 93 ms)
1.
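To meet the need for holistic and dynamic network security, and based on the idea of secure interconnection over a distributed open platform, this paper implements linkage between firewalls and intrusion detection systems and between routers and intrusion detection systems, providing active defense against sudden network attacks. It proposes linking multiple network security technologies to improve the security of local area networks.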
2.
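To meet the need for organically integrating security products so as to reflect the holistic and dynamic nature of network security, and based on the idea of an open-platform secure interconnection architecture, a model framework for linkage between firewalls and intrusion detection systems is proposed. UML is used to model the static structure and dynamic behavior. The linkage model offers engineering guidance for linking different series of firewall and intrusion detection products.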
3.
Linkage between Firewalls and Intrusion Detection Systems  Total citations: 3, self-citations: 0, citations by others: 3
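Considering the need for holistic and dynamic network security, the method of secure interconnection over a distributed open platform is adopted to implement linkage between firewalls and intrusion detection systems. The idea of a linked system that actively defends against sudden network attacks is proposed, and the relevant key technologies are discussed, with the aim of strengthening the blocking capability of intrusion detection systems.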
4.
5.
6.
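To address the problem of network security defense, this paper proposes the idea of linkage. Through a study of IPSec, the firewall built into Windows, and using the network intrusion detection system Snort together with linkage technology, a Snort-based linkage system with preliminary intrusion prevention capability is designed and implemented. The system was comprehensively tested, and the results show that it can block intrusions in real time and safeguard network security.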
7.
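Firewalls and intrusion detection are widely used as important technical means of protecting network security, but at present the two are usually used separately, which cannot meet the requirement for integrated network security. Against the background of improving campus network security management, this paper introduces firewalls and intrusion detection systems, designs a firewall and intrusion detection linkage system, and analyzes the implementation of the main technologies.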
8.
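Research and Implementation of Linkage between Firewalls and Intrusion Detection Systems  Total citations: 25, self-citations: 0, citations by others: 25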
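Linking firewalls with intrusion detection systems can effectively improve the mobility and real-time responsiveness of firewalls while also strengthening the blocking capability of intrusion detection systems, and it has become a research hotspot. Starting from the OPSEC and TOPSEC protocols, this paper analyzes in depth the technology for linkage between firewalls and intrusion detection systems, presents the key technologies of such linkage, and discusses how to ensure the security of the linkage itself. It proposes implementing linkage between the two through open interfaces and gives a concrete implementation for specific products.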
9.
Analysis and Comparison of IDS and IPS  Total citations: 2, self-citations: 0, citations by others: 2
崔捷 《网络安全技术与应用》2007,(12):84-85
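This paper compares and analyzes three network security solutions: intrusion detection systems, intrusion prevention systems, and the "firewall + intrusion detection system" linkage protection mechanism, and discusses their advantages, disadvantages and future directions.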
10.
LI An-ning 《数字社区&智能家居》2008,(34)
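Based on a discussion of the principles of firewall and intrusion detection technology, this paper focuses on the underlying reasons for, the functional characteristics of, and the ways of implementing linkage between firewalls and intrusion detection systems. The analysis shows that the network security architecture built by linking the two both improves the mobility and real-time responsiveness of firewalls and strengthens the blocking capability of intrusion detection systems, thereby comprehensively improving the overall security protection capability of network systems.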
11.
Meharouech Sourour Bouhoula Adel Abbes Tarek 《Journal of Network and Systems Management》2011,19(4):472-495
Internet is providing essential communication between an infinite number of people and is being increasingly used as a tool for commerce. At the same time, security is becoming a tremendously important issue to deal with. Different network security solutions exist and contribute to enhanced security. From these solutions, Intrusion detection systems (IDS) have become one of the most common countermeasures for monitoring safety in computer systems and networks. The purpose of IDSs is distinguishing between intruders and normal users. However, IDSs report a massive number of isolated alerts. These isolated alerts represent low-level security-related events. Many of these isolated alerts are logically involved in a single multi-stage intrusion incident and a security officer often wants to analyze the complete incident instead of each individual simple alert. Another problem is that IDSs cannot work correctly with an environment managed with a NAT technique (Network Address Translation) since the host information (IP address and port number) are affected by the NAT devices. In order to address these limitations, the paper proposes a well-structured model to manage the massive number of isolated alerts and includes the NAT information in the IDS analysis. In fact, our solution permits to determine the real identities of entities implicated in security issues and abstracts the logical relation between alerts in order to support automatic correlation of those alerts involved in the same intrusion and to construct comprehensible attacks scenarios.
12.
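Intrusion detection systems are an important component of modern network security. Intrusion detection means monitoring specific computers or networks to detect possible attacks. There are two main types of intrusion detection system: host-based and network-based. The former monitors the entire network or some network segments, and the latter monitors specific computers. Combining the two types, monitoring network traffic and system events in real time and responding automatically to suspicious behavior, will minimize security risk and protect the system security of the network.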
13.
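Intrusion detection systems have become an important component of network security technology. However, traditional anomaly-based intrusion detection techniques need to learn from a large number of training samples to achieve high detection accuracy, and obtaining large training sample sets is difficult in real network environments. This paper studies the use of an active learning algorithm based on support vector machines (SVM) in network intrusion detection to solve the problem caused by the excessive cost of obtaining training samples. Comparative experiments between the SVM-based active learning algorithm and traditional passive learning algorithms show that the active learning algorithm effectively reduces the number of learning samples and the training time, and effectively improves the classification performance of the intrusion detection system.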
14.
Security is an important but challenging issue in current network environments. With the growth of Internet, application systems in enterprises may suffer from new security threats caused by external intruders. This situation results in the introduction of security auditors (SAs) who perform some test methods with hacking tools the same as or similar to those used by hackers. However, current intrusion detection systems (IDSs) do not consider the role of security auditors despite its importance. This causes IDSs to generate many annoying alarms. In this paper, we are motivated to extend a current IDS functionality with Identification Capability, called IDSIC, based on the auditing viewpoint to separate auditing traffic from malicious attacks. The IDSIC architecture includes two components: fingerprint adder and fingerprint checker, which can provide a separability of security auditors and hackers. With this architecture, we show that IDSICs can lower the consequential costs in the current IDSs. Therefore, such IDSICs can ensure a more stable system performance during the security examination process.
15.
Hung-Jen Liao Chun-Hung Richard Lin Ying-Chih Lin Kuang-Yuan Tung 《Journal of Network and Computer Applications》2013,36(1):16-24
With the increasing amount of network throughput and security threat, the study of intrusion detection systems (IDSs) has received a lot of attention throughout the computer science field. Current IDSs pose challenges on not only capricious intrusion categories, but also huge computational power. Though there is a number of existing literatures to IDS issues, we attempt to give a more elaborate image for a comprehensive review. Through the extensive survey and sophisticated organization, we propose the taxonomy to outline modern IDSs. In addition, tables and figures we summarized in the content contribute to easily grasp the overall picture of IDSs.
16.
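With the development of Internet technology, intrusion detection systems have become increasingly important in the field of computer network security. Their scale has grown considerably compared with the past, so that traditional manual management and maintenance can no longer meet the demand. This paper analyzes in depth the data fusion and data mining techniques applied to intrusion detection systems and, on that basis, proposes a new architectural model for intrusion detection systems.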