Abstract
This article presents an intrusion detection system model based on CIDF. The model employs both behavior-based anomaly detection and knowledge-based signature detection, so it can detect most kinds of attack, and it can be trained on noisy data. This overcomes a limitation of typical anomaly-detection-based intrusion detection systems, which require training on noise-free (intrusion-free) data. Using the CIDF communication protocol, the intrusion detection system can also communicate with other intrusion detection systems, so that a group of intrusion detection systems can work cooperatively, improving the efficiency and availability of the system.
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition) (《华中科技大学学报(自然科学版)》)
Indexed in: EI, CAS, CSCD, PKU Core
2002, Issue 3, pp. 1-3, 18 (4 pages in total)