| 本体论在网络入侵检测技术中的应用 |
| |
| 引用本文: | 经小川,胡昌振,谭惠民.本体论在网络入侵检测技术中的应用[J].四川大学学报(工程科学版),2005,37(3):105-109. |
| |
| 作者姓名: | 经小川 胡昌振 谭惠民 |
| |
| 作者单位: | 北京理工大学,机电工程与控制国家重点实验室,北京,100081 |
| |
| 摘 要: | 为解决当前入侵检测系统中的检测器协作问题和检测器内知识表达问题,将知识工程中的本体论技术应用于分布式入侵检测系统中,使用入侵检测本体在系统内形成了统一的全局概念视图。按照入侵检测体系的基本框架构建了入侵检测本体,该本体模型对入侵检测三要素(信息资产、攻击者、攻击行为)进行了分层的概念和属性描述。检测器按照作用域继承本体模型内的不同概念类形成自身的领域知识,同时在统一的知识论框架的引导下完成协作过程。最后,通过对基于本体模型的检测系统的实例证实了该方法的可行性。
|
| 关 键 词: | 本体 入侵检测 协作 |
| 文章编号: | 1009-3087(2005)03-0105-05 |
Application of Ontology in Network Intrusion Detection System |
| |
| JING Xiao-chuan,HU Chang-zhen,TAN Hui-min.Application of Ontology in Network Intrusion Detection System[J].Journal of Sichuan University (Engineering Science Edition),2005,37(3):105-109. |
| |
| Authors: | JING Xiao-chuan HU Chang-zhen TAN Hui-min |
| |
| Affiliation: | JING Xiao-chuan,HU Chang-zhen,TAN Hui-minf Tech,Beijing 100081,China) |
| |
| Abstract: | This paper applies Ontology of knowledge engineering into the Distributed Intrusion Detection System. By using Ontology of network security, a whole conceptual view has been created in the system, provides some feasible methods to the detection engine cooperation and knowledge representation for the detection engine, which are the most urgent problems of intrusion detection system. An ontological model of net security is presented according to the outline of IDS,then the conception and attributes of three essentials in IDS (information assets ,attacker, attack)are described step by step. Detection engine inherit the concepts from class of Ontology model and use these concepts to compose domain knowledge. Finally, on the Ontology DIDS system, the attack of TCP serial number intercept has been detected. It shows that the system can effectively detect the attack and explains the method designed in this system is feasible. |
| |
| Keywords: | Ontology intrusion detection cooperation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
