Journal: Computers and Electrical Engineering

A hybrid intrusion detection system design for computer network security

Abstract

Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after they have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection based or anomaly-detection based. Misuse-detection based IDSs can only detect known attacks, whereas anomaly-detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS that combines the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD), which are anomaly-based IDSs, with the misuse-based IDS Snort, which is an open-source project. The hybrid IDS is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. The evaluation compares the number of attacks detected by the misuse-based IDS on its own with the number detected by the hybrid IDS that combines anomaly-based and misuse-based IDSs, and shows that the hybrid IDS is a more powerful system.