| 基于协议分析的网络入侵检测技术 |
| |
| 引用本文: | 景蕊,刘利军,怀进鹏.基于协议分析的网络入侵检测技术[J].计算机工程与应用,2003,39(36):128-133. |
| |
| 作者姓名: | 景蕊 刘利军 怀进鹏 |
| |
| 作者单位: | 北京航空航天大学计算机学院,北京,100083 |
| |
| 基金项目: | 国家863高技术研究发展计划基金资助(编号:2001AA144150) |
| |
| 摘 要: | 网络协议分析是网络入侵检测中的一种关键技术,当前主要方法是对网络层和传输层协议进行分析。文章基于状态转换进行协议分析和检测,以充分利用协议的状态信息检测入侵,有效地完成包括应用层协议在内的网络各层协议的分析,更加精确地定位了检测域,提高了检测的全面性、准确性和检测效率;这种方法综合了异常检测和误用检测技术,可以更有效地检测协议执行时的异常和针对协议的攻击,并且可检测变体攻击、拒绝服务攻击等较难检测的攻击。
|
| 关 键 词: | 入侵检测 网络入侵检测系统 协议分析 状态转换 |
| 文章编号: | 1002-8331-(2003)36-0128-06 |
| 修稿时间: | 2003年3月1日 |
Network Intrusion Detection Techniques Based on Protocol Analysis |
| |
| Jing Rui,Liu Lijun Huai,Jinpeng.Network Intrusion Detection Techniques Based on Protocol Analysis[J].Computer Engineering and Applications,2003,39(36):128-133. |
| |
| Authors: | Jing Rui Liu Lijun Huai Jinpeng |
| |
| Abstract: | The network protocol analysis is an essential technique in network intrusion detection.The existing techniques mainly analyze network layer protocols and transport layer protocols.On the basis of existing techniques of protocol anal-ysis,by using a protocol analysis technique based on state transition,it proposes an intrusion detection technique that takes full advantage of the protocol state information for detecting intrusion.It can effectively analyze protocols at various layers of network including application layer protocols and can accurately locate the field of detection,which enhances the completeness,accuracy and efficiency of detection.It combines anomaly detection and misuse detection together and can effectively detect exceptional executions of protocols and protocol attacks.Some attacks which are difficult to be de-tected,such as polymorphic attacks and Denial of Service(DoS)attacks,can be detected by using this method. |
| |
| Keywords: | Intrusion detection Network-based intrusion detection system Protocol analysis State transition |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
