摘要
在高速主干网络环境中的入侵检测系统应该满足两个要求:第一,需要尽早发现入侵企图;第二,要努力降低入侵检测的操作代价。两者的解决办法与入侵检测模型和测度密切相关。本文在一般的滥用检测系统中嵌入反馈预测机制,它不仅能预测用户当前行为是否入侵,而且能大幅度降低该入侵检测系统的操作代价,可适应在高速网络中的实时检测需要。实际测试结果表明反馈预测机制能比较精确地预测入侵,嵌入了反馈预测机制的滥用检测系统的数据处理能力有了较大的改善。
IDS for high-speed backbone network should meet two requirements. Firstly, it should recognize the intrusion plan as soon as early; Secondly, it should try its best to decrease operation cost of intrusion detection. To meet the two requirements have close connection with intrusion detection model and the measures IDS use. The paper introduces how to import Feedback-prediction mechanism to misuse detection system, so that it can predict whether the current behavior of user implies intrusion. Moreover, Feedback-prediction mechanism can notably decrease operation cost of IDS and meet the real-time intrusion detection for high-speed network. The result of experiment shows that Feedback-prediction mechanism can accurately predict intrusion and improve the capability of IDS to deal with data.
出处
《计算机科学》
CSCD
北大核心
2004年第1期59-61,102,共4页
Computer Science
基金
国家自然科学基金90104031
