| 用于入侵检测数据集评测的SMTP流量模拟 |
| |
| 引用本文: | 许超,钱俊,史美林.用于入侵检测数据集评测的SMTP流量模拟[J].计算机工程与设计,2006,27(12):2124-2126,2135. |
| |
| 作者姓名: | 许超 钱俊 史美林 |
| |
| 作者单位: | 清华大学,计算机科学与技术系,北京,100084 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 利用评测数据集对入侵检测系统进行评测是目前可行并且有效的评估手段,数据集包括背景流量和攻击流量两部分。背景流量的设计和模拟非常重要,因为背景流量体现实际网络的特征。提出了一种基于SMTP和POP3日志聚类的建模方法用于入侵检测评测数据集中SMTP流量的模拟,保留了网络和用户的特征,具有较好的扩展性,可以根据评测需要灵活定制SMTP流量。
|
| 关 键 词: | 入侵检测系统(IDS) 数据集 SMTP流量模拟 IDS评测 |
| 文章编号: | 1000-7024(2006)12-2124-03 |
| 收稿时间: | 2005-04-11 |
| 修稿时间: | 2005-04-11 |
SMTP traffic simulation for intrusion detection dataset evaluation |
| |
| XU Chao,QIAN Jun,SHI Mei-lin.SMTP traffic simulation for intrusion detection dataset evaluation[J].Computer Engineering and Design,2006,27(12):2124-2126,2135. |
| |
| Authors: | XU Chao QIAN Jun SHI Mei-lin |
| |
| Affiliation: | Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China |
| |
| Abstract: | The dataset evaluation methodology is a feasible and effective way to evaluate the performance of intrusion detection systems. The dataset contains background traffic and attack traffic. The design and simulation ofbackground traffic is critical to the dataset because the characters of real network are presented. A method based on SMTP and POP3 log clustering is presented to model the SMTP traffic. The high performance and scalability of synthetic traffic make it more flexible and feature the advantage for IDS evaluation. |
| |
| Keywords: | intrusion detection system(IDS) dataset SMTP traffic simulation IDS evaluation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
