摘要
网络协议分析是网络入侵检测中的一种关键技术,当前主要方法是对网络层和传输层协议进行分析。文章基于状态转换进行协议分析和检测,以充分利用协议的状态信息检测入侵,有效地完成包括应用层协议在内的网络各层协议的分析,更加精确地定位了检测域,提高了检测的全面性、准确性和检测效率;这种方法综合了异常检测和误用检测技术,可以更有效地检测协议执行时的异常和针对协议的攻击,并且可检测变体攻击、拒绝服务攻击等较难检测的攻击。
The network protocol analysis is an essential technique in network intrusion detection.The existing techniques mainly analyze network layer protocols and transport layer protocols.On the basis of existing techniques of protocol anal-ysis,by using a protocol analysis technique based on state transition,it proposes an intrusion detection technique that takes full advantage of the protocol state information for detecting intrusion.It can effectively analyze protocols at various layers of network including application layer protocols and can accurately locate the field of detection,which enhances the completeness,accuracy and efficiency of detection.It combines anomaly detection and misuse detection together and can effectively detect exceptional executions of protocols and protocol attacks.Some attacks which are difficult to be de-tected,such as polymorphic attacks and Denial of Service(DoS)attacks,can be detected by using this method.
出处
《计算机工程与应用》
CSCD
北大核心
2003年第36期128-133,共6页
Computer Engineering and Applications
基金
国家863高技术研究发展计划基金资助(编号:2001AA144150)
