However, practical applications are still limited to anomaly detection and misuse detection.
The paper proposes an effective misuse detection method and implements a prototype system.
The system provides three functions: misuse detection, anomaly detection, and attack source traceback.
In the area of network intrusion detection algorithms, this thesis studies anomaly detection and misuse detection algorithms.
Depending on the underlying detection principle, intrusion detection is divided into misuse detection and anomaly detection.
Current intrusion detection techniques mainly comprise rule-based misuse detection and statistics-based anomaly detection.
Simulation results show that, in most cases, the knowledge model adjusted through learning improves the detection rate of the misuse detection system.
The test results show that malicious code subjected to obfuscating transformations can evade most anti-malware tools that are based on misuse detection.
The data analysis combines the two methods, anomaly detection and misuse detection, proposes corresponding detection models, and introduces a noise-filtering function.
In principle, intrusion detection techniques are divided into anomaly detection and misuse detection; by what is monitored, they are divided into host intrusion detection and network intrusion detection.
The strength of misuse detection is its high detection accuracy; its weaknesses are strong dependencies, poor portability, a heavy maintenance workload, and an inability to deal with unknown attacks.
The rule base contains both normal-behavior rules and abnormal-behavior rules, so the prototype system can in theory perform both misuse detection and anomaly detection; an association rule mining module is used to process the network connection data.
The main goal of intrusion detection is to detect unauthorized use, misuse and abuse of computer systems by both system insiders and external intruders.
By constructing a state machine and extracting the relevant information from it, this approach accommodates both misuse-based and anomaly-based detection methods and improves the detection results of both.
Pattern matching is the most important step in misuse intrusion detection; at present, pattern matching consists mainly of matching signature strings in packets.
The main goal of an intrusion detection system (IDS) is to detect unauthorized use, misuse and abuse of computer systems by both system insiders and external intruders.
Experiments show that, in a large-scale network composed of several subnets, this method can efficiently detect whether network misuse exists in any one of the subnets.
Abstract: Algorithms for identifying and discovering intrusion signature values are key techniques in misuse intrusion detection.
Two popular detection modes, misuse mode and anomaly mode, are used in the design of the detection part of the Agent.
Intrusion detection falls into two categories according to the detection technique: anomaly-based intrusion detection and misuse-based intrusion detection.
This paper describes two approaches to intrusion detection, anomaly detection and misuse detection, and introduces the various detection techniques used in each.
Security levels are defined for misuse intrusion detection systems, and through the early-alert principle an IDS at a lower security level can help prevent unknown intrusions.
By analyzing network packets, frequently occurring behavior patterns in the network system are mined; system behavior can then be detected in real time by comparing pattern similarity, and pattern libraries of anomalous and misuse behavior are built automatically.
This paper proposes an alarm filtering scheme to improve the efficiency of misuse-type network intrusion detection systems; the scheme identifies the environmental conditions an attack needs in order to succeed.