入侵检测系统技术现状及其发展趋势

阐述了入侵检测系统（IDS）的起源、发展和分类，介绍了它的结构和标准化工作，对入侵检测系统存在的问题及发展趋势作了概述。     

基于TCP/IP的入侵检测评测技术研究

入侵检测系统的评测是入侵检测研究的一个重要方面。论文研究TCP/IP协议下如何利用协议的脆弱性按层次生成评测数据,在此基础上提出了分段混合评测的入侵检测评测方法。该方法的主要思想是数据混合和评测分段。相对以往的评测方法,由于数据混合,它的评测数据更丰富、更接近现实环境,而且可以自由添加;由于评测分段,简化了评测的实现,对正常网络的干扰很小,能够生成一些特定网络中无法生成的攻击。     

UNIX系统入侵检测知识库体系结构研究

针对目前应用在UNIX系统中入侵检测知识库适应能力不足的问题.提出了一种适应于不同系统环境的知识库体系结构。检测规则按相应系统与服务类型以模块化形式存储,通过应用配制文件加载。实现了入侵检测知识库的可扩展性.提高了入侵检测知识库的通用性,并且可以提高检测规则的搜索效率。     

入侵检测在存储区域网中的应用

从SAN(存储区域网)的安全隐患出发,分析了SAN在应用环境中受到的三种典型威胁。结合现行的入侵检测技术给出一个可行的解决方案。     

无线网络的分布式入侵检测模型研究

对无线网络安全方面的问题和无线网络的特点进行了概述,分析了无线网络的入侵检测模型进行了分析,提出了一个分分布式的无线网络入侵检测系统模型,并给出了具体的拓扑结构设计,通过实验,证明这个入侵检测系统的设计和实现具有很好的安全性,其安全保障具有一定的实用性,值得推广。     

入侵检测主流技术及发展动态

入侵检测技术是网络安全的主要技术和网络研究的热点,入侵检测方法包括基于数据挖掘、粗糙集、模式识别、支持向量机和人工免疫等主要技术,详细分析了各种检测方法在入侵检测应用中的优缺点。通过回顾研究人员近期的研究成果,提出了该技术的主要发展方向,为进一步研究提供参考。     

一种基于门限ECC的PKI/CA模型的设计

随着电子商务的发展,如何实现对网络用户的身份认证成为了一个非常迫切的问题,目前广泛采用的是基于PKI的认证技术,而在PKI认证体系中,认证中心CA是核心部分。本文提出了一个基于门限ECC的PKI/CA的设计,本方案在传统的CA方案上引入了入侵容忍机制,结合椭圆曲线密码体制和门限密码方案,提高了CA系统的可靠性和安全性。     

Data-mining based SQL injection attack detection using internal query trees

Detecting SQL injection attacks (SQLIAs) is becoming increasingly important in database-driven web sites. Until now, most of the studies on SQLIA detection have focused on the structured query language (SQL) structure at the application level. Unfortunately, this approach inevitably fails to detect those attacks that use already stored procedure and data within the database system. In this paper, we propose a framework to detect SQLIAs at database level by using SVM classification and various kernel functions. The key issue of SQLIA detection framework is how to represent the internal query tree collected from database log suitable for SVM classification algorithm in order to acquire good performance in detecting SQLIAs. To solve the issue, we first propose a novel method to convert the query tree into an n-dimensional feature vector by using a multi-dimensional sequence as an intermediate representation. The reason that it is difficult to directly convert the query tree into an n-dimensional feature vector is the complexity and variability of the query tree structure. Second, we propose a method to extract the syntactic features, as well as the semantic features when generating feature vector. Third, we propose a method to transform string feature values into numeric feature values, combining multiple statistical models. The combined model maps one string value to one numeric value by containing the multiple characteristic of each string value. In order to demonstrate the feasibility of our proposals in practical environments, we implement the SQLIA detection system based on PostgreSQL, a popular open source database system, and we perform experiments. The experimental results using the internal query trees of PostgreSQL validate that our proposal is effective in detecting SQLIAs, with at least 99.6% of the probability that the probability for malicious queries to be correctly predicted as SQLIA is greater than the probability for normal queries to be incorrectly predicted as SQLIA. Finally, we perform additional experiments to compare our proposal with syntax-focused feature extraction and single statistical model based on feature transformation. The experimental results show that our proposal significantly increases the probability of correctly detecting SQLIAs for various SQL statements, when compared to the previous methods.     

An efficient parallel-network packet pattern-matching approach using GPUs

In the past few years, the increase in interest usage has been substantial. The high network bandwidth speed and the large amount of threats pose challenges to current network intrusion detection systems, which manage high amounts of network traffic and perform complicated packet processing. Pattern matching is a computationally intensive process included in network intrusion detection systems. In this paper, we present an efficient graphics processing unit (GPU)-based network packet pattern-matching algorithm by leveraging the computational power of GPUs to accelerate pattern-matching operations and subsequently increase the overall processing throughput. According to the experimental results, the proposed algorithm achieved a maximal traffic processing throughput of over 2 Gbit/s. The results demonstrate that the proposed GPU-based algorithm can effectively enhance the performance of network intrusion detection systems.     

基于粗糙集的自适应网络入侵检测方法

在分析入侵检测方法的基础上,将粗糙集理论引入入侵检测方法,提出一种改进的基于粗糙集的自适应网络入侵检测方法。通过对入侵数据权值离散化预处理,属性知识约简,规则提取与过滤,提高网络入侵数据的检测率。与基于BP-神经网络的方法,基于专家系统的(ES)的方法,以及普通的基础粗糙集的入侵检测方法进行实验对比,通过实验数据,证明该方法的有效性。