作　　者： ; ;

机构地区： 广东工业大学计算机学院

出　　处： 《计算机安全》 2009年第8期15-17,共3页

摘　　要： 传统的基于误用检测的入侵检测系统大多采用简单模式匹配或者是模式匹配的改进方法进行入侵检测。采用模式匹配的入侵检测方法具有匹配的数据量大、误报率和漏报率高的问题。针对这些主要问题,提出了基于协议分析树的通用协议分析入侵检测算法以及基于此算法思想的多Agent并行处理协同工作的入侵检测体系结构,并对其入侵检测性能进行了分析,从理论上证明了其在检测速度上有巨大提高,适合高速网路和下一代网络的需要。 Most of the traditional intrusion detection systems based on misuse detection method use simple pattern match or improved simple pattern technology to detect the intrusion. There are some problems in the intrusion detection method used pattern match such as the large amount of data needed matching, the high rates of false positives and omissions. The paper focuses on research topics of the algorithm and architecture of a new intrusion detection technology. It describes a general intrusion detection algorithm based on protocol analysis tree and a parallel processing intrusion detection architecture of Multi-Agent cooperative work based on the former algorithm. It analyzed performance of the method, and in theory it has proved its high speed in the detection and meeting to the need of Next Generation Network.

关 键 词： 入侵检测 协议分析 协议分析树 协同工作

领　　域： [自动化与计算机技术] [自动化与计算机技术] [自动化与计算机技术] [自动化与计算机技术]