摘要
在分析入侵检测系统原理及通用入侵检测框架(CIDF)的基础上,按照CIDF的结构要求,设计了基于CIDF的入侵检测系统原型。在系统实现的内部机制上,采用链表的形式保存各类事件的完整信息并按CIDF的要求进行检测数据的标准化,为系统构件共享信息提供高效、准确的保证。结合实践,指出了用语义标识符SID扩充以适应异常检测方面的问题。
This paper gives an introduction to the principle of intrusion detection, explanins what is CIDF and why CIDF is needed. Based on these material, it designs a model for intrusion detection according to CIDE To give the model high performance, it uses chains in memory to save the information of all events occurred in running time and standardlize data from the these events. In the end, it put forwards some points about expanding SID and some SIDs applied in anomaly detection.
出处
《计算机工程》
CAS
CSCD
北大核心
2007年第9期142-144,共3页
Computer Engineering
基金
广东省自然科学基金资助项目(04010589)
关键词
入侵检测
通用入侵检测对象
通用入侵检测框架
数据标准化
Intrusion detection
Generalized intrusion objects(GIDO)
Common intrusion detection frame(CIDF)
Data standardlization
