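Affiliation: School of Computer Science and Educational Software, Guangzhou University
Source: Journal of Guangzhou University (Natural Science Edition), 2011, No. 4, pp. 68-72 (5 pages)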
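Abstract: Intrusion detection is one of the hot topics in network security research. Most existing intrusion detection system models generate a huge volume of alerts and, in addition, cannot perform a real-time quantitative danger assessment of the attacks the system currently faces. To solve these two problems, an intrusion detection system model based on danger theory, DTIDS, is proposed. Self, non-self, immune cells, memory detectors, mature detectors and immature detectors in network activity are formally described, and an equation for the real-time quantitative calculation of host danger is established. Theoretical analysis and experimental results show that DTIDS outperforms existing intrusion detection system models.
English abstract: Intrusion detection technology is one of the hot-spot problems in network security. The current intrusion detection models have two deficiencies: one is the huge number of alerts, and the other is that these models cannot evaluate the anomaly menace degree of a real-time intrusion attack. In order to solve these problems, a novel danger theory-inspired intrusion detection system model (DTIDS) is proposed. With definitions of self and non-self, the process of mature detector tolerance and immune memory detector evolution in the network security domain are depicted. The mathematical equations of the danger signal, the danger evaluation, and the danger alert are further built. Simulations of this model are performed, and the comparison experiment results show that DTIDS outperforms the existing intrusion detection models.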
Field: [Automation and Computer Technology]