Institutional Repository of the Institute of Software, Chinese Academy of Sciences
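Title:
Design and Implementation of an Intrusion Detection System
Author: 张旺
Defense date: 2000
Major: Computer Application Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctoral
Keywords: Internet; network security; network intrusion detection; intrusion detection expert system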
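Abstract: In her paper An Intrusion-Detection Model [Den 1987], Dorothy E. Denning proposed an intrusion-detection model based on anomaly theory. Its central idea is to abstract the intrusion-related parts of system or user behavior into quantifiable metrics; these metrics change continuously with the state of the system, and network intrusions can be identified by examining their values. At the end of the paper Denning raised several open questions, one of which is: how should an intrusion-detection system built on this model be designed and implemented? Since December 1999 the author has worked to answer this question, that is, to turn the theoretical model into reality on a Sun Ultra5 workstation running Solaris 2.7. During system design and actual coding, the author encountered many concrete difficulties and also found some impractical aspects of the original paper. In the end, besides making some improvements to the model itself, the author added detection methods that go beyond the model, using network packet capture and analysis to detect several common pre-attack probes and denial-of-service attacks, so that the system became a fairly comprehensive, effective and practical intrusion-detection system.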
English abstract: In the paper An Intrusion-Detection Model [Den 1987], Dorothy E. Denning introduces an intrusion-detection model based on the anomaly theory, the main idea of which is to translate all kinds of system or user activities related to security into digital metrics. These metrics keep track of the status of a computer system, and by checking the values of these metrics, network intrusion can be detected. At the end of her paper, Denning gives several open questions, one of which is: how should a system based on the model be designed and implemented? Since December 1999, the author tried to answer the question and finally succeeded in designing and implementing an IDES based on the model on a Sun Ultra5 workstation running Solaris 2.7. In designing and implementing the practical system, the author was confronted with a lot of difficulties, which disclosed that some parts of the original model are impractical. So the author had to modify the model somehow, and besides that, the author also added some other intrusion-detection techniques to the IDES which are beyond the range of the original model, thus making the resulting IDES more comprehensive, effective and useful.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6988
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name/ File Size Content Type Version Access License
LW002122.pdf (1828KB) -- -- Restricted access -- Contact to obtain the full text

Recommended Citation:
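张旺. Design and Implementation of an Intrusion Detection System [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2000-01-01.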