| 入侵检测系统的规则研究与基于机器学习的入侵检测系统模型 |
| |
| 引用本文: | 蒋道霞.入侵检测系统的规则研究与基于机器学习的入侵检测系统模型[J].现代电子技术,2005,28(17):24-27. |
| |
| 作者姓名: | 蒋道霞 |
| |
| 作者单位: | 南京理工大学,江苏,南京,210094 |
| |
| 摘 要: | 入侵检测系统(IDS)分为异常检测模型和误用检测模型。异常检测模型首先总结正常操作应该具有的特征,得出正常操作的模型,对后续的操作进行监视,一旦发现偏离正常统计学意义上的操作模式,即进行报警。误用检测模型是收集入侵检测行为的特征,建立相关的规则库,在后续的检测过程中,将收集到的数据与规则库中的特征代码进行比较,得出是否是入侵的结论。本文主要研究了入侵检测系统中的规则的建立,并通过在基于误用检测的Snort入侵检测系统中增加一个规则学习模块——LERAD,提出了一个基于机器学习的入侵检测系统模型。
|
| 关 键 词: | 入侵检测系统 特征 Snort 规则 LERAD |
| 文章编号: | 1004-373X(2005)17-024-04 |
| 收稿时间: | 2005-04-18 |
| 修稿时间: | 2005年4月18日 |
Rule Research of Intrusion Detection System and Pattern of IDS Based on Machine Learning |
| |
| JIANG Daoxia.Rule Research of Intrusion Detection System and Pattern of IDS Based on Machine Learning[J].Modern Electronic Technique,2005,28(17):24-27. |
| |
| Authors: | JIANG Daoxia |
| |
| Abstract: | There are two models of intrusion detection system. They are anomaly detection model and misuse detection model. Anomaly detection model first summarizes the signatures normal operations which should have to educe models of normal operations, and then monitors the subsequent operations. Once it finds operation modes violating normal according to statistical criterion ,an alarm will be produced. Misuse detection model collects the signature of intrusion detection action to establish related rule databases. In the subsequent detection ,the collected data will be compared with signature code in rule database ,to decide whether they are intrusions or not. This paper is mainly about the establishing of rules about IDS. It describes how to establish a network intrusion detection system by adding a plugin of LERAD module in snort. It presents a pattern of IDS based on machine learning. |
| |
| Keywords: | intrusion detection system signature Snort rule LERAD |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
