| 基于协议状态有限机的系统扫描检测算法 |
| |
| 引用本文: | 邓一贵,王康,邱全杰. 基于协议状态有限机的系统扫描检测算法[J]. 计算机科学, 2007, 34(10): 120-123 |
| |
| 作者姓名: | 邓一贵 王康 邱全杰 |
| |
| 作者单位: | 重庆大学计算机学院,重庆,400044;重庆大学信息与网络管理中心,重庆,400044;重庆大学信息与网络管理中心,重庆,400044 |
| |
| 摘 要: | 针对现有扫描检测算法对隐蔽扫描、慢扫描无法识别的不足,提出了基于协议状态有限机的检测算法,该算法能更准确地检测出普通扫描,对隐蔽扫描、慢扫描等现有技术难以检测的扫描也有较好的检测效果。实验测试表明该算法能提高系统扫描检测性能,降低误报率和报警次数。
|
| 关 键 词: | 入侵检测 系统扫描检测 协议状态有限机 |
A Scanning Detection Algorithm Based on Finite Machine of Protocol Status |
| |
| DENG Yi-Gui,WANG Kang,QIU Quan-Jie. A Scanning Detection Algorithm Based on Finite Machine of Protocol Status[J]. Computer Science, 2007, 34(10): 120-123 |
| |
| Authors: | DENG Yi-Gui WANG Kang QIU Quan-Jie |
| |
| Affiliation: | College of Computer Science, Chongqing University, Chongqing 400044;Network Center, Chongqing University, Chongqing 400044 |
| |
| Abstract: | In order to resolve the problem that current scanning detection algorithms can not recognize hidden scanning and slow scanning,a scanning detection algorithm based on finite machine of protocol status is proposed.It can more exactly detect common scanning,and has effect on hidden scanning and slow scanning which current scanning detection algorithms can not recognize.Experiment indicates that the algorithm can augment the performance of scanning detec- tion,decline the rate of misinformation and alarming times. |
| |
| Keywords: | Intrusion detection System scanning detection Finite machine of protocol status |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
