入侵检测是保护计算机系统安全的重要手段.攻击分类研究对于系统地分析计算机系统脆弱性和攻击利用的技术方法有着重要的意义,这有助于构造高效的入侵检测方法.通过对现有入侵检测方法和攻击分类方法的分析和研究,提出了一种面向检测的网络攻击分类方法——ESTQ方法,并对其进行了形式化描述和分析.根据ESTQ网络攻击分类方法构造了相应的检测方法.以此为基础设计了一个具有分布式结构的网络入侵检测系统DNIDS,并进行了原型系统的实现和测试.%Attack detection is an important approach to enhancing computer system security. The study of attack classification has a significant role to analyze computer system vulnerability and technique used for attack and can help to build effective detection methods. A detection-oriented network attack classification approach—ESTQ is introduced and analyzed using formal description technique. Based on ESTQ classification approach, a network intrusion detection method is built and a distributed network intrusion detection system—DNIDS is designed. Finally, a DNIDS prototype system is implemented.
展开▼
