基于特征的IDS为了检测到攻击,必须处理能与攻击表现相匹配的攻击描述,该过程可以简化为与网络报文部分匹配的模式描述,也可以复杂化为将多传感器输出映射到抽象攻击表现的状态机描述或神经网络描述.描述了入侵检测系统(IDS)中涉及的几个典型拒绝服务攻击(DoS)模式,对这些DoS攻击模式进行了详细的分析.DoS特征是书写检测特定攻击过滤器的必要知识,详细描述了这些DoS攻击的特征,并提出了抵御DoS攻击的一个应对措施--IDS.%For a signature-based IDS to detect attacks,it must possess an attack description that can be matched to sensed attack manifestations. This can be either simplified as a specific pattern that matches a portion of a network packet, or complicated as a state machine or neural network description that maps multiple sensor outputs to abstract attack representations. The paper present several typical patterns of Denial of Service attack (DoS) for Intrusion Detection System(IDS),and analyze them in detail,and give some characteristics of these DoS attacks which are knowledge of how to write filters to detect the specific attacks we address ed. A countermeasure-IDS is proposed as well.
展开▼
