| 基于消息驱动的分布式入侵检测通信机制 |
| |
| 引用本文: | 杜晔,郭幽燕.基于消息驱动的分布式入侵检测通信机制[J].北京邮电大学学报,2006,29(Z2):122-126. |
| |
| 作者姓名: | 杜晔 郭幽燕 |
| |
| 作者单位: | 1. 北京交通大学 计算机与信息技术学院, 北京 100044; 2. 首都医科大学附属北京安贞医院 信息中心, 北京 100029 |
| |
| 基金项目: | 北京交通大学校科研和教改项目 |
| |
| 摘 要: | 提出了基于消息驱动的通信机制,设计了检测器与管理器以及通讯器与通讯器间的通信模式和算法。分3个层次实现通信协议,给出了常用消息的定义,并详细设计了通信流程。通过利用doorknob攻击进行测试与实验分析,协作实体可以很好地检测出分布式复杂攻击。
|
| 关 键 词: | 入侵检测 通信模型 协议 |
| 文章编号: | 1007-5321(2006)增-0122-05 |
| 收稿时间: | 2006-08-16 |
| 修稿时间: | 2006年8月16日 |
Research on a Message Driven Communication Scheme for Distributed Intrusion Detection |
| |
| DU Ye,GUO You-yan.Research on a Message Driven Communication Scheme for Distributed Intrusion Detection[J].Journal of Beijing University of Posts and Telecommunications,2006,29(Z2):122-126. |
| |
| Authors: | DU Ye GUO You-yan |
| |
| Affiliation: | 1. School of Computer and Information Technology, Beijing Jiaotong University, 100044, China;
2. Information Management, Beijing Anzhen Hospital, Beijing 100029, China |
| |
| Abstract: | A message driven communication mechanism was proposed, which takes the role of transforming information, and cooperating to detect vicious behaviors. The communication models and algorithms of detector, manager and communicator were designed. The protocol presented here was divided into three layers. Then, the definitions of common used messages were given, and communication processes were designed in detail. In the end, doorknob attack was used for simulation. Experimental results showed the validity of this mechanism to detect intricate event. |
| |
| Keywords: | intrusion detection communication model protocol |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
|
