An implementation model of network monitoring for misuse detection is proposed in this paper. The model contains three hierarchically related functional components: data collecting, analysis-decision, and analyzer, which can be used effectively to detect known misuses in real time. A security knowledge expression method based on the concept of the analyzer is introduced and applied to three well-known attacks, scan, teardrop, and land, as examples. Some other implementation issues, such as the response mechanism, are discussed as well.

This paper proposes a network security monitoring model for intrusion monitoring. It is composed, in a hierarchical manner, of three independent parts: data collection, decision analysis, and analyzers, and it can monitor known network intrusion methods effectively and in real time. The paper presents a security knowledge expression method based on the concept of the security analyzer and characterizes common attack methods such as scan, teardrop, and land. In addition, the paper discusses issues that should be considered in the design of a security monitoring system, such as the alarm problem.
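As an added illustration, not code from the paper, the following Python sketch applies the analyzer idea to the three attacks named above: a stateless rule for land (a packet addressed from a host to itself on the same port), a stateful fragment-overlap rule for teardrop, and a distinct-destination-port counter for scan, all driven by an analysis-decision loop. The packet records, field names, and the 20-port scan threshold are constructed assumptions, not values from the paper.

```python
from collections import defaultdict

# Constructed packet records (not from the paper): the header fields a
# data-collecting layer would hand up to the analysis-decision layer.
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.5", "sport": 139, "dport": 139,
     "frag_id": None, "frag_off": 0, "len": 40},   # land-style packet
    {"src": "10.0.0.9", "dst": "10.0.0.7", "sport": 1000, "dport": 53,
     "frag_id": 42, "frag_off": 0, "len": 36},     # fragment 1, bytes 0-35
    {"src": "10.0.0.9", "dst": "10.0.0.7", "sport": 1000, "dport": 53,
     "frag_id": 42, "frag_off": 24, "len": 4},     # fragment 2 overlaps it
] + [
    {"src": "10.0.0.3", "dst": "10.0.0.7", "sport": 40000 + p, "dport": p,
     "frag_id": None, "frag_off": 0, "len": 40} for p in range(1, 26)
]
SCAN_PORT_THRESHOLD = 20  # assumed threshold; the paper states none

def land_analyzer(pkt, state):
    """Stateless rule: packet sent from a host to itself on the same port."""
    return pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"]

def teardrop_analyzer(pkt, state):
    """Stateful rule: a fragment whose offset lies inside data already seen
    for the same (src, dst, frag_id) datagram, i.e. overlapping fragments."""
    if pkt["frag_id"] is None:
        return False
    key = (pkt["src"], pkt["dst"], pkt["frag_id"])
    seen_end = state["frag_end"].get(key, 0)
    overlap = 0 < pkt["frag_off"] < seen_end
    state["frag_end"][key] = max(seen_end, pkt["frag_off"] + pkt["len"])
    return overlap

def scan_analyzer(pkt, state):
    """Stateful rule: one source touching many distinct destination ports."""
    ports = state["ports"][pkt["src"]]
    ports.add(pkt["dport"])
    return len(ports) == SCAN_PORT_THRESHOLD + 1  # alert once, when crossed

def run_analyzers(packets):
    """Analysis-decision layer: run every analyzer over each record,
    keeping shared state across packets; returns (analyzer, source) alerts."""
    analyzers = {"land": land_analyzer, "teardrop": teardrop_analyzer,
                 "scan": scan_analyzer}
    state = {"frag_end": {}, "ports": defaultdict(set)}
    alerts = []
    for pkt in packets:
        for name, rule in analyzers.items():
            if rule(pkt, state):
                alerts.append((name, pkt["src"]))
    return alerts
```

Running `run_analyzers(PACKETS)` yields one alert per attack; a real-time deployment would additionally expire the per-source port sets and fragment state after a time window so memory stays bounded.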