| 基于半轮询驱动的网络入侵检测单元的设计与实现 |
| |
| 引用本文: | 田志宏,方滨兴,张宏莉.基于半轮询驱动的网络入侵检测单元的设计与实现[J].通信学报,2004,25(7):146-152. |
| |
| 作者姓名: | 田志宏 方滨兴 张宏莉 |
| |
| 作者单位: | 哈尔滨工业大学,国家计算机信息内容安全重点实验室,黑龙江,哈尔滨,150001 |
| |
| 基金项目: | 国家“863”计划基金资助项目(2002AA142020,2001AA147010B) |
| |
| 摘 要: | 在分析了网络入侵检测系统主要问题的基础上,设计并实现了一个面向网络的入侵检测单元NIDU。由于采用对等式架构,NIDU具有良好的可扩展性。提出了半轮询驱动的概念,利用半轮询驱动机制降低了系统中断频率,明显提高数据采集能力;同时采用基于相关度的异常检测技术,对DoS和DDoS攻击的检测效果较现有方法有明显改善。
|
| 关 键 词: | 入侵检测 半轮询驱动 相关度 通信协议 |
| 文章编号: | 1000-436X(2004)07-0146-07 |
| 修稿时间: | 2004年2月10日 |
Design and implementation of network intrusion detection unit based on semi-polling driven |
| |
| TIAN Zhi-hong,FANG Bin-xing,ZHANG Hong-li.Design and implementation of network intrusion detection unit based on semi-polling driven[J].Journal on Communications,2004,25(7):146-152. |
| |
| Authors: | TIAN Zhi-hong FANG Bin-xing ZHANG Hong-li |
| |
| Abstract: | A network intrusion detection unit based on semi-polling driven (NIDU) was designed and implemented on the basis of analysis over the performance bottleneck. With peer architecture, NIDU has characteristic of scalability. A concept of semi-polling driven is presented. With it, interrupts frequency is reduced and the performance of capturing packet is significantly improved. NIDU uses anomaly detection technology based on similarity, which improves the detection effect of the attack of DoS and DDoS dramatically. |
| |
| Keywords: | intrusion detection semi-polling similarity communication protocol |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
