| 基于特征的入侵检测系统的评估新方法 |
| |
| 引用本文: | 孙美凤,龚 俭,杨 望.基于特征的入侵检测系统的评估新方法[J].通信学报,2007,28(11):6-14. |
| |
| 作者姓名: | 孙美凤 龚 俭 杨 望 |
| |
| 作者单位: | 1. 东南大学,计算机科学与工程系,江苏,南京,210096;扬州大学,信息工程学院,江苏,扬州,225000
2. 东南大学,计算机科学与工程系,江苏,南京,210096 |
| |
| 基金项目: | 国家重点基础研究发展计划(973计划);江苏省重点实验室基金 |
| |
| 摘 要: | 为了提高评估的准确性,对基于特征的IDS的检测原理进行分析,提出分别评估规则库质量和IDS系统能力的原则。给出评估IDS系统能力的方法,该方法把人工知识视为评估参数,因此结论反映IDS实现的质量。重点讨论系统能力的测度定义,并简单介绍测度计算的总体思路。实验结果表明该方法更能反映基于特征的IDS的真实质量。
|
| 关 键 词: | 入侵检测 基于特征的入侵检测系统 评估 |
| 文章编号: | 1000-436X(2007)11-0006-09 |
| 收稿时间: | 2006-12-29 |
| 修稿时间: | 2007-08-20 |
New approach to evaluate the capacity of signature-based intrusion detection systems |
| |
| SUN Mei-feng,GONG Jian,YANG Wang.New approach to evaluate the capacity of signature-based intrusion detection systems[J].Journal on Communications,2007,28(11):6-14. |
| |
| Authors: | SUN Mei-feng GONG Jian YANG Wang |
| |
| Abstract: | For improving the accuracy of IDS evaluation, after the detection method of signature-based IDS was analyzed, pointed out that the current methods are not reasonable, and proposed the principle to evaluate the capability of IDS implementation and the capability of rule base respectively. The method to evaluate the capability Of IDS implementation, which views the human knowledge as parameters, was introduced. The definition of metrics and how to calculate the value of metrics are mainly discussed. A prototype was implemented which shows that this new method can evaluate the real capacity better for a signature-based IDS. |
| |
| Keywords: | intrusion detection signature-based intrusion detection system evaluation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
