| 一个入侵检测系统的设计与实现 |
| 张旺
|
| 专业 | 计算机应用技术
|
| 2000
|
| 学位授予单位 | 中国科学院软件研究所
|
| 学位 | 博士
|
| 学位授予地点 | 中国科学院软件研究所
|
| 关键词 | 互联网
网络安全
网络入侵检测
入侵检测专家系统
|
| 摘要 | Dorothy E. Denning在其论文An Intrusion-Detection Model [Den 1987]中提出一个基于异常理论的入侵检测模型,其要旨是:将系统或用户的行为中与入侵相关的部分抽象出来,形成一些可数字化的指标,这些指标随着系统的状态不断发生变化,通过检测这些指标的值,可以识别出网络入侵。Denning在文章的结尾提过几个开放性的问题,其中一个是:怎样设计和实现一个建立在该模型之上的入侵检测系统?本文作者从1999年12月起开始致力回答这个问题,即:把这个理论模型在一台运行Solaris 2.7的Sun Ultra5工作站上付诸现实。在系统设计和实际编码中,作者遇到很多具体的困难,也发现了原文中一些不切实际的地方,最后,作者除了对该模型本身做了一些改进以外,还加入了超越该模型之外的一些检测方法——利用网络包的截取和分析来检测几种常见的预攻击探测和拒绝服务攻击,使得该系统成为一个比较全面、有效、实用的入侵检测系统。 |
| 其他摘要 | In the paper An Intrusion-Detection Model [Den 1987], Dorothy E. Denning introduces an intrusion-detection model based on the anomaly theory, the main idea of which is to translate all kind of system or user activities related to security into digital metrics. These metrics keep track of the status of a computer system, and by checking the values of these metrics, network intrusion can be detected. At the end of her paper, Denning gives out several open questions, one of which is: how should a system based on the model be designed and implemented? Since December 1999, the author tried to answer the question and finally succeeded in designing and implementing an IDES based on the model on an Sun Ultra5 workstation running Solaris 2.7. In the designing and implementing of the practical system, the author was confronted with a lot of difficulties which disclosed that some parts of the original model are impractical. So the author has to modify the model somehow, and beside that, the author also added some other intrusion-detection techniques to the IDES which are beyond the range of the original model, thus make the resulting IDES more comprehensive、effective and useful. |
| 页数 | 44
|
| 语种 | 中文
|
| 内容类型 | 学位论文
|
| URI标识 | http://ir.iscas.ac.cn/handle/311060/6988
|
| 专题 | 中科院软件所_中科院软件所
|
推荐引用方式
GB/T 7714 |
张旺. 一个入侵检测系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所,2000.
|
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论