[1] Gong Jian, Lu Sheng. Intrusion detection in large-scale network[J]. Journal of Southeast University (Natural Science Edition), 2002, 32(3): 325-330. [doi:10.3969/j.issn.1001-0505.2002.03.004]

Intrusion detection in large-scale network

Journal of Southeast University (Natural Science Edition) [ISSN:1001-0505/CN:32-1178/N]

Volume:
32
Issue:
No. 3, 2002
Pages:
325-330
Column:
Computer Science and Engineering
Publication date:
2002-05-20

Article Info

Title:
Intrusion detection in large-scale network
Author(s):
Gong Jian, Lu Sheng
Department of Computer Science and Engineering, Southeast University, Nanjing 210096, China
Keywords:
intrusion detection system; abnormal detection; response to intrusion; coordinated detection; intrusion trace-back; network security
Classification number:
TP393.4
DOI:
10.3969/j.issn.1001-0505.2002.03.004
Abstract:
The state of the art of intrusion detection technology in a large-scale network is introduced, since security is getting more dependent among inter-connected networks. Some hot topics, such as the architecture of IDS (intrusion detection system), abnormal detection, response technology, coordinated detection, and the technologies used to protect network infrastructure, are discussed in detail. Some trends of development are mentioned as well.



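Memo:
Funding: Supported by the Key Program of the National Natural Science Foundation of China (90104031).
Author biography: Gong Jian (born 1957), male, PhD, professor, doctoral supervisor, jgong@njnet.edu.cn.
Last Update: 2002-05-20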