| 基于应用的高速网络入侵检测系统研究 |
| |
| 引用本文: | 李信满,赵大哲,赵宏,刘积仁.基于应用的高速网络入侵检测系统研究[J].通信学报,2002,23(9):1-7. |
| |
| 作者姓名: | 李信满 赵大哲 赵宏 刘积仁 |
| |
| 作者单位: | 东北大学,软件中心,辽宁,沈阳,110003 |
| |
| 基金项目: | 国家863高技术计划资助项目(863-317-01-03-99) |
| |
| 摘 要: | 传统的网络入侵检测方法基于传输层以下的数据包特性来检测入侵,因此存在一些难以克服的缺点,如易受欺骗(evasion)、误报警(false positive)多、检测效率低等,难以适应高速的网络环境。为了解决这些问题,本文提出将应用协议分析方法应用到网络入侵检测中,实现基于应用的检测,并提出了一个改进的多模式匹配算法,进一步提高检测的效率;同时针对高速网络环境,利用基于数据过滤的压缩技术与负载均衡技术提出了一个新的网络入侵检测系统结构模型,给出了系统的设计与实现方法。实验测试表明系统能够对吉比特以太网进行有效的实时检测。
|
| 关 键 词: | 网络入侵检测 协议分析 模式匹配 负载均衡 数据过滤 代理 |
| 文章编号: | 1000-436X(2002)09-0001-07 |
| 修稿时间: | 2002年1月8日 |
Research on application-based network intrusion detection system for high-speed network |
| |
| intrusion detection system for high-speed network LI Xin-man,ZHAO Da-zhe,ZHAO Hong,Liu Ji-ren.Research on application-based network intrusion detection system for high-speed network[J].Journal on Communications,2002,23(9):1-7. |
| |
| Authors: | intrusion detection system for high-speed network LI Xin-man ZHAO Da-zhe ZHAO Hong Liu Ji-ren |
| |
| Abstract: | The traditional network intrusion detection system only detect intrusions according to thepacket features below the transport layer, hard problems exist such as easy to be evaded, high false positive and low efficiency. In order to solve these problems, a detecting method based on application protocol analysis is used and an efficient multiple-pattern searching algorithm is presented in order to improve the efficiency of the NIDS. A new architecture and model of NIDS based on data filtering and load balance is described, the design and implementation is also discussed. Lab tests reveals that the system is good at detecting the high-speed network such as gigabit Ethernet. |
| |
| Keywords: | network intrusion detection protocol analysis pattern searching load balance data filtering agent |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
