| 可回卷的自动入侵响应系统 |
| |
| 引用本文: | 张剑,龚俭. 可回卷的自动入侵响应系统[J]. 电子学报, 2004, 32(5): 769-773 |
| |
| 作者姓名: | 张剑 龚俭 |
| |
| 作者单位: | 东南大学计算机科学与工程系,江苏省计算机网络技术重点实验室,江苏南京 210096 |
| |
| 摘 要: | 本文描述了入侵响应回卷的形式化方法及其实现,然后建立了一个可回卷的自动入侵响应系统模型.该系统在检测到误报或入侵停止的情况下,采取响应回卷动作,从而消除了响应带来的负面影响,即响应代价.试验证明,响应回卷技术能较好地降低响应代价,从而以较低的代价换取相同的安全目标.
|
| 关 键 词: | 入侵检测系统 自动响应系统 响应回卷 中止检测算法 |
| 文章编号: | 0372-2112(2004)05-0769-05 |
| 收稿时间: | 2003-04-14 |
Rollbackable Automated Intrusion Response System |
| |
| ZHANG Jian,GONG Jian. Rollbackable Automated Intrusion Response System[J]. Acta Electronica Sinica, 2004, 32(5): 769-773 |
| |
| Authors: | ZHANG Jian GONG Jian |
| |
| Affiliation: | Dept.of Computer Science and Technology,Southeast University,Nanjing,Jiangsu 210096,China |
| |
| Abstract: | Traditional intrusion detection systems only carry out response when intrusion is detected,while don't respond to "nonexistence" of intrusion.It has two shortcomings.First,when the previous intrusion events that had been responded are proved to be false alarms,the response system cannot correct its response.Secondly,when the intrusion behavior terminates,the response system cannot withdraw the corresponding response so as to eliminate the negative effect.In this paper,a Rollbackable Automated Intrusion Response System (RAIRS) is established to cope with the above two problems.RAIRS can not only automatically detect response,but also detect false alarms and termination of intrusion,and then triggers the rollback of corresponding response to eliminate its negative effect.The experiment proves that the response rollback technique can decrease the response cost so that it can achieve the same security goal with lower cost. |
| |
| Keywords: | Intrusion detection system automated response system response rollback termination detection algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《电子学报》浏览原始摘要信息 |
|
点击此处可从《电子学报》下载全文 |
|
