[1] Yang Wang, Gong Jian. IDS system capacity evaluation method based on spatial-temporal restrain [J]. Journal of Southeast University (Natural Science Edition), 2011, 41(2): 274-279. [doi:10.3969/j.issn.1001-0505.2011.02.012]

IDS system capacity evaluation method based on spatial-temporal restrain

Journal of Southeast University (Natural Science Edition) [ISSN: 1001-0505 / CN: 32-1178/N]

Volume:
41
Issue:
Issue 2, 2011
Pages:
274-279
Section:
Computer Science and Engineering
Publication date:
2011-03-20

Article Info

Title:
IDS system capacity evaluation method based on spatial-temporal restrain
Author(s):
Yang Wang (杨望), Gong Jian (龚俭)
(School of Computer Science and Technology, Southeast University, Nanjing 210096, China)
(Key Laboratory of Computer Network Technology of Jiangsu Province, Southeast University, Nanjing 210096, China)
Keywords:
NIDS (network intrusion detection system); evaluation; system capacity; equivalence partition
CLC number:
TP393.2
DOI:
10.3969/j.issn.1001-0505.2011.02.012
Abstract:
To improve the accuracy and reasonableness of intrusion detection system (IDS) assessment results, a new IDS evaluation method based on temporal and spatial constraints is proposed. The method takes the attack-carrying packet sequence as the basis for describing the detection capability of an IDS. It uses spatial-temporal constraints and their corresponding content constraints to partition the IDS detection capability space into equivalence classes, which completes the system capacity metrics proposed by the resolution-based evaluation method. Experimental results show that, compared with traditional evaluation methods, the method based on spatial-temporal constraints can assess IDS capability along more precise dimensions and, according to temporal constraints of different orders, can identify specific weaknesses in IDS capability. Using this method improves the fairness, reasonableness and accuracy of IDS evaluation results.


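Memo

About the authors: Yang Wang (b. 1979), male, PhD, lecturer; Gong Jian (corresponding author), male, PhD, professor, doctoral supervisor, jgong@njnet.edu.cn.
Funding: Supported by the National Key Technology R&D Program of the 11th Five-Year Plan of China (2008BAH37B04).
Citation format: Yang Wang, Gong Jian. IDS system capacity evaluation method based on spatial-temporal restrain [J]. Journal of Southeast University (Natural Science Edition), 2011, 41(2): 274-279. [doi:10.3969/j.issn.1001-0505.2011.02.012]
Last Update: 2011-03-20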