According the cidf pattern , the system was divided into five fundamental modules : packet capture , network sniffer , rules disposal , data analyze and system reaction . each module mapp ed to different applications and the system function was introduced in brief 根据cidf入侵检测模型,将系统分为五个基本模块:数据捕获、网络监听、规则处理、数据分析和系统响应模块,分别对应于不同的应用功能;并对目前开发的系统功能做了简单的介绍。
This thesis provide the intrusion detection model through network performance learning . the thesis provide the structure figure and flow chart . and genetic algorithm applied in this model eliminate the high wrong alarm rate , the thesis provide coding policy , fitness function and object function . the thesis introduce a 3 - tuple < match , entropy , newness > to describe the characteristic of the netvvork . the thesis provide the intrusion detection algorithm just to find intrusions 提出了一种基于网络性能学习的入侵检测模型。给出了模型的框架图,以及模型主要的流程步骤。并详细分析了遗传算法在模型中的应用,给出了编码策略、适应度函数和目标函数,引入了一个三元组来描述网络性能变化,并给出了相应的入侵检测算法。
Through the investigations of the extensive research productions and documents , the development process and the mutuality of related important algorithms in this field are tided up and presented in this paper , and together with an immunology based intrusion detection modal , and its value in the intrusion detection field 通过对入侵检测与生物免疫学领域中已有成果的研究和文献资料的收集整理,理清了入侵检测系统领域诸多算法的研究发展脉络,提出了一种基于生物免疫学的入侵检测模型,探讨了其在入侵检测方面的应用价值。
Detection methods etc . the thesis secondly presents the mobile agent technology and p2p . mobile agent is a conception been put forward lately . it offers a new computing paradigm in the form of a software agent . i t can suspend its execution on a host computer , can transfer itself to another agent - based host on the network , and can resume execution on the new host . so that the mobile agent has the properties of such as mobility , flexibility , adaptability , operating in heterogeneous environme - nts , reusing code etc . the thesis analysis the existing kinds of distributed intrusion detection system , introduce the distribution level and make the classification of the systems 接着本文又介绍了移动代理技术和p2p网络(对等网络) 。移动代理是近几年来提出的一个新概念,它提供了一个新的计算方式,即程序以软件代理的形式出现,能在一台主机上停止对它的执行,并通过移动到另一台主机上恢复执行,具备移动性、灵活性、适应性、跨平台性和代码可重用等特性。本文随后又详细分析了现有的各种分布式入侵检测模型,引入分布级别的概念对模型进行了分类,并探讨了各自的优缺点。
Intrusion detection technology , based on the general intrusion detection model presented by dorothy denning , has been a long development history for twenty years . people has applied autonomous agents , data mine , expert system and model reasoning to the intrusion detection field , and the new knowledge makes the intrusion detection technology develop at a rapid rate . but the current intrusion detection models have lots of disadvantages 入侵检测技术已经有20多年的发展历史,在dorothydenning提出的通用模型的基础上,人们已经将诸如自治代理、数据挖掘、专家系统和模型推理等知识应用到入侵检测领域,使得入侵检测的技术得到了迅速的发展,但是现存的入侵检测模型存在诸多缺陷。
Firstly , in this paper , we review the histories of xml and xml database , and all kinds of data models used widely now . then we review traditional access control policies and policies specially used on xml , and present a new expression method of access set on xml based on child tree of w3c data model . and we bring rbac model into xml database and present a new xml access model x - rbac . because the usage of data in databases has high frequency , we present an ids model based on access set density to logging the potential security threats . and then we introduce the design and implementation of a prototype of our native xml database nhx and its access control system . finally , we draw a conclusion for this paper and the future work 本文首先回顾了xml及xml数据库的历史,并总结了目前广泛使用的xml数据模型,在分析了各种传统数据库访问控制策略,以及xml的专有访问控制策略的优缺点后,基于w3c的xml数据模型,提出了一种基于子树的具有高弹性的便于实现的的访问区域表示法,并将rbac模型引入进来,提出了一种适用于xml数据库的访问控制模型x - rbac ,同时为了区分xml数据库访问中的合法访问和合理访问,我们根据数据库访问具有频繁性这一特征,提出了一种基于区域访问密度的入侵检测模型( ids ) ,以对隐藏在正常访问中的潜在安全威胁进行报警和日志。
In this thesis , we , based on analyzing and comparing the current intrusion detection technology , such as anomaly detection technology based on statistics methodology , data mine or autonomous agents . misuse detection technology based on expert system or model reasoning , indicate that the relation among the attack events do n ' t been resolved in these models . we present a new intrusion detection model based on timed sequence . there are normal state , danger state , attacking state and update creat model state in the attacked system , with a view to the influence of attacker ' s attacking sequence on the attacked system 本文在分析比较现有入侵检测技术,如基于统计方法学,数据挖掘,自治代理的异常检测技术,基于专家系统和模型推理的误用检测技术等的基础上,针对这些技术都没有对不同攻击事件之间的联系进行分析等问题,本文提出一种新的基于时间序列的入侵检测模型,该模型从攻击者的攻击序列对被攻击系统所造成的影响为着眼点,得出被攻击系统所处状态包含正常状态、危险状态、入侵发生状态、和更新建立模型状态,此模型可以很好地解决攻击序列中不同的攻击事件之间的联系没有进行分析,以及先前的模型不具备预测将来状态,不能预防等问题。
This paper studies the traditional computer security model and the common intrusion detection model first , then analyzes and summarizes the main intrusion detection methods and their features . the signature - based intrusion detection is analyzed with emphasis , and the goal of the paper is to discuss how to improve efficiency and accuracy of the signature - based intrusion detection 本文从研究传统计算机安全模型和通用入侵检测模型入手,分析总结了当前主要的入侵检测技术以及技术上的优缺点,并重点分析了基于特征检测的有关技术。
Application of neural network in ids can not only identify the known attack , but also can detect the new attack and abnormal event . in this dissertation , the existing intrusion detection models and techniques are elaborated first aiming at some key problems of ids , some intrusion detection model based on neural network are designed , which integrate other techniques such as data mining , artificial immune system , gray theory and so on . then the experiments on the intrusion detection benchmark datasets confirm their validities and feasibilities 本论文首先在分析了入侵原理的基础上,对现有的入侵检测的模型和方法进行了分析;继而针对入侵检测中的几个关键问题,综合利用数据挖掘、人工免疫、灰色系统等理论和技术,提出了基于人工神经网络的入侵检测模型,并对传统的神经网络模型进行改进,然后对其在入侵检测中的效果进行了验证。
