排序方式: 共有95条查询结果,搜索用时 0 毫秒
41.
当网络流量超出网络入侵检测系统(NIDS)负载能力时,漏检将不可避免,此时应选择较危险的数据包优先处理。因多媒体数据包在流量中所占比例较大,故曾提出对其识别和特殊处理的方法,收效良好。在此基础上,提出结合遗传算法的NIDS多媒体包多线程择危模型,该模型能在漏检发生时,根据不同线程的最大处理能力,按照多媒体数据包的危险程度择危优先处理。实验结果表明,使用该模型能够有效提高NIDS在每个线程内所选择的多媒体数据包序列的危险系数。 相似文献
42.
ABSTRACTIntrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threat both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network. 相似文献
43.
Advanced Payload Analyzer Pre-processor (APAP) is an intrusion detection system by analysis of Payload from network traffic looking for malware. APAP implements its detection algorithm as “dynamic pre-processor” of Snort. By working together, a highly effective system to known attacks (by passing Snort rules) and equally effective against new and unknown attacks is obtained. APAP consists of two phases: training and detection. During training, a statistical model of legitimate network traffic through the techniques Bloom filter and n-grams is created. Then results obtained by analyzing a dataset of attacks with this model are compared. Consequently, a set of rules able to determine whether a payload corresponds to malware or otherwise legitimate traffic is obtained. During detection, monitored traffic is passed by the Bloom filter which is created in the training phase, and the obtained results are compared with rules. Training requires two datasets: a collection of habitual and legitimate traffic and samples of malicious traffic. This approach offers various improvements compared with similar proposals. The most outstanding is a new method for filling Bloom filters and thereby building usage models. The implementation of a rule system based on Ks speeds up decision-making. Results obtained by analyzing real HTTP traffic prove a high hit rate (95%) and a low false positive rate (0.1%). 相似文献
44.
针对HiCuts算法在NIDS应用上存在着空间异常膨胀和决策树不平衡性的问题,提出了一种P-Hi-Cuts算法.P-HiCuts(Pruned HiCuts)对原报文空间分组算法进行改进,采用覆盖规则上提和非均匀切分的技术解决原有问题,从理论上减小了决策树深度.实验结果显示,改进后决策树深度空间占用缩小到原来的10%,分类速度也提升了13.71%. 相似文献
45.
NIDS在检测网络入侵行为时面临的难题是错报、漏报和数据整合,Honeypot很好地解决了这几个问题,是NIDS的有益补充。论文分析探讨了基于Honeypot的网络入侵行为检测、捕获、预警的相关技术,在此基础上给出一个基于Honeypot的网络入侵行为捕获模型。实验证明了这个模型在捕获网络入侵行为过程中的有效性和适用性。 相似文献
46.
依据实际实验,对黑客常用的网络入侵方法进行了分析和总结,并对NIPS的在线检测和入侵防护方法做了具体的介绍(包括NIPS的特征匹配、协议分析和异常检测的特点)。通过检测攻击行为的特征,来检查当前网络的会话状态,避免受到欺骗攻击,这点对于网络入侵在线检测和入侵防护是非常有效的。 相似文献
47.
48.
网络入侵检测系统的分析与设计 总被引:5,自引:0,他引:5
随着网络的高速发展,网络信息安全问题不断暴露出来。介绍了入侵检测系统中的网络入侵检测系统(NIDS)的基本概念和分析设计原理。系统采用了模块化设计,对各模块都进行了分析设计介绍。 相似文献
49.
从近几年的趋势来看,蠕虫以及DDOS等复合攻击将成为今后网络入侵的主要表现形式.入侵检测系统对复合攻击的检测能力逐渐成为入侵检测系统(IDS)能力测试中的一个重要方面.当前的测试方法主要采用搜集实际的攻击工具来进行攻击测试数据的生成.该方法受实际攻击形式的限制,所生成的数据集无法完成对IDS复合攻击检测能力的完备测试,并且不支持攻击的形式化描述与自动生成,使得测试数据集的生成效率很低.为此提出采用人工构造的完备入侵场景库来生成攻击流量,并在攻击流量中混合入噪声流量增加测试的准确性和公平性.基于这些改进,设计了一种针对滥用入侵检测系统评估的复合攻击测试数据生成系统,并应用在实际的IDS评估系统中. 相似文献
50.