基于用户可信度的误用入侵检测系统的研究

提出了基于用户可信度的误用IDS模型，该模型对IDS框架结构、签名匹配策略及协同机制都进行了改进。鉴于通用入侵检测框架CIDF（Common Intrusion Detection Framework）结构中缺少对入侵等级划分的机制，提出了基于用户可信度量化的等级划分方法，提高了系统的合理性。定义了误用IDS安全级别，通过预警原理实现低安全级别IDS对未知入侵的预防作用。另外，在用户可信度IDS中使用了局部性原理，进而改善了签名匹配策略并提高了签名的匹配效率和准确率。

Misuse intrusion detection system based on user trust degree

In this paper, a misuse detection model for IDS based on user trust degree (UTD) was firstly presented. This model improves the architecture of IDS, the strategy of signature matching, and the cooperation mechanism. UTD-IDS presents a means of graded partition that based on UTD whereas there is a lack of graded partition in the architecture of CIDF, so it improves the rationality of the system. The safety level of misuse IDS was defined and the IDS of lower safety level may prevent unknown intrusion from damage by the early-alert principle. In addition, was reformed full advantage of local principle were taken in UTD-IDS, then the strategy of signature matching, so it improves the efficiency and accuracy of signature matching.