通信学报 (Journal on Communications), 2011, Vol. 32, Issue 8: 171-178 (8 pages).
Research on intrusion detection based on network events and deep protocol analysis
(original title: 基于网络事件和深度协议分析的入侵检测研究)
Abstract
The problems that limit current NIDS were investigated. On the basis of network events and deep protocol analysis, a new model, MIDM, for analyzing and integrating network intrusions was proposed. ABNF was extended to describe network events, and a new NIDS was built on MIDM. Experimental results show that, compared with current mainstream NIDS, MIDM works effectively with a lower false-positive rate and less redundancy in the rule base. When network traffic and the rule base grow rapidly, the CPU utilization of the new model grows only slowly, which makes MIDM better suited to high-speed networks. It is also able to detect some unknown attacks and supports rule generalization.

Keywords
intrusion detection / protocol analysis / pattern matching / statistical anomaly detection / high-speed network
(original keywords: 入侵检测 / 协议分析 / 模式匹配 / 异常检测 / 高速网络)
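The abstract's two claims for deep protocol analysis over byte-level pattern matching, a lower false-positive rate and a smaller rule base, can be seen in the following added example. It is written for this page and is not the paper's MIDM model, its ABNF event grammar, or any code from the authors. It parses an HTTP request into fields, percent-decodes the request target, and applies a rule scoped to one field; a raw pattern matcher runs over the same bytes beside it. All requests, rules, host names and function names are constructed for illustration.

```python
"""Added example (not the paper's code): field-scoped matching after protocol
parsing versus raw byte pattern matching. Requests and rules are constructed."""
from dataclasses import dataclass, field
from urllib.parse import unquote


@dataclass
class HttpRequest:
    method: str
    uri: str                 # percent-decoded request target
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_http_request(raw: bytes) -> HttpRequest:
    """Minimal HTTP/1.x parser: request line, header block, body.
    Decoding the request target here means one rule covers every
    encoding of the same path, instead of one rule per encoding."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, unquote(target), headers, body.decode("latin-1"))


# Protocol-aware rules (constructed): (field the rule applies to, pattern, name).
FIELD_RULES = [
    ("uri", "../", "directory traversal in request path"),
]

# Raw-byte rules (constructed): nothing is decoded first, so each encoding of
# the same pattern needs its own entry, and every rule sees the whole stream.
RAW_RULES = [
    (b"../", "directory traversal (plain)"),
    (b"%2e%2e/", "directory traversal (percent-encoded)"),
    (b"..%2f", "directory traversal (encoded slash)"),
]


def match_raw(raw: bytes) -> list:
    """Pattern matching over the undecoded request bytes."""
    lowered = raw.lower()
    return [name for pat, name in RAW_RULES if pat in lowered]


def match_parsed(req: HttpRequest) -> list:
    """Match each rule only against the protocol field it is scoped to."""
    return [name for fld, pat, name in FIELD_RULES if pat in getattr(req, fld)]


# Constructed sample traffic.
BENIGN = (b"POST /comments HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Type: text/plain\r\n\r\n"
          b"text=see ../docs for the layout")        # '../' only in the body
ATTACK_PLAIN = (b"GET /static/../../etc/passwd HTTP/1.1\r\n"
                b"Host: example.test\r\n\r\n")
ATTACK_ENCODED = (b"GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\n"
                  b"Host: example.test\r\n\r\n")


def compare(raw: bytes) -> dict:
    """Run both matchers on one request and report their verdicts."""
    return {"raw": match_raw(raw),
            "parsed": match_parsed(parse_http_request(raw))}


if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("plain", ATTACK_PLAIN),
                       ("encoded", ATTACK_ENCODED)]:
        print(label, compare(req))
```

The benign comment is flagged by the raw matcher because the pattern occurs in the body, and is not flagged by the field-scoped rule; the percent-encoded attack needs a second raw rule but is caught by the single protocol-aware rule after decoding. That is the mechanism behind the two claims, though the paper's own rule language and measurements are not reproduced here.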
Category: Information technology and security science
Citation: 朱映映, 吴锦锋, 明仲. Research on intrusion detection based on network events and deep protocol analysis [J]. 通信学报 (Journal on Communications), 2011, 32(8): 171-178.

Funding:
National Natural Science Foundation of China (60703112)
Shenzhen-Hong Kong Innovation Circle Fund (ZYB200907060012A)
Natural Science Foundation of Guangdong Province (10351806001000000)