| 分布式入侵检测系统的协作交互研究 |
| |
| 引用本文: | 连一峰. 分布式入侵检测系统的协作交互研究[J]. 中国科学院研究生院学报, 2005, 22(2): 202-209 |
| |
| 作者姓名: | 连一峰 |
| |
| 作者单位: | 信息安全国家重点实验室,中国科学院研究生院,北京,100049 |
| |
| 基金项目: | 国家自然科学基金重点项目 (90 10 40 3 0 ),国家 973项目 (G19990 3 5 80 1)资助 |
| |
| 摘 要: | 组件之间的信息交互及协作分析是分布式入侵检测系统的关键问题 ,在基于层次化协作模型分布式入侵检测系统的基础上 ,分析了检测组件的信息交互需求 ,从静态分析的角度提出了扩展入侵检测消息交互格式 ,针对不同类型攻击行为的组件交互及协作流程 ,进行了动态的流程分析 ,为检测系统实现高效的入侵事件通报、审计数据收集、入侵事件协作检测和入侵行为分布式响应提供了标准的表述格式和流程定义 .
|
| 关 键 词: | 分布式入侵检测 扩展入侵检测消息交互格式 层次化协作模型 |
| 文章编号: | 1002-1175(2005)02-0202-08 |
| 修稿时间: | 2004-05-11 |
A Study on Information Exchange and Cooperation in Distributed Intrusion Detection Systems |
| |
| LIAN Yi-Feng. A Study on Information Exchange and Cooperation in Distributed Intrusion Detection Systems[J]. Journal of the Graduate School of the Chinese Academy of Sciences, 2005, 22(2): 202-209 |
| |
| Authors: | LIAN Yi-Feng |
| |
| Abstract: | Information exchange and cooperation between components acts as the k ey problem of distributed intrusion detection system. According to DIDS based on Hierarchical Cooperation Model (HCM), we analyze the requirements of informatio n exchange between detection components in this model. We present the Extended I ntrusion Detection Message Exchange Format (EIDMEF) to provide a standard descri pt ion format which contributes to efficient information exchange and cooperation, such as reporting intrusion incidents, collecting audit data, performing coopera tive detection and activating distributed responses to intrusive behaviors. Work flows of information exchange and processing procedure in this model when confro nted with different kinds of intrusions are also depicted in detail. |
| |
| Keywords: | Distributed Intrusion Detection Extended Intrusion De tection Message Exchange Format Hierarchical Cooperation Model |
| 本文献已被 CNKI 万方数据 等数据库收录! |
