Real-time active intrusion detection systems need the support of complete audit information. This paper first introduces the audit information currently used by intrusion detection systems, together with a simple method for evaluating the completeness of audit information in terms of its temporal-logical and spatial properties. Then, taking the destination node as the starting point, it proposes that the network can be abstracted as a field with a source: the field source is the destination node, and the frequency of data packets sent to the destination node at a given node (the total number of packets within a given period of time) is abstracted as the divergence of the field at that node. On this basis, a defense alliance protocol is proposed, which completes the spatial audit information in order to improve the performance of the intrusion detection system. The paper describes the protocol content, the data format and the protocol's basic service primitives. The defense alliance protocol comprises the concept of the destination node's security factor, the defense alliance protocol between the destination node and its adjacent nodes, and the defense alliance protocol between the destination node and the network management center. The destination node's security factor is defined as the sum of the divergences at all nodes adjacent to the destination node, expressed as a percentage of the destination node's buffer capacity. The defense alliance protocol between the destination node and its adjacent nodes describes how audit information held at the adjacent nodes is obtained and sent to the destination node. The defense alliance protocol between the destination node and the network management center describes how the network management center is used to verify the authenticity of a connection so as to complete the spatial audit information. The relationship between the two is also analyzed. Finally, the paper briefly analyzes the security of the defense alliance protocol itself.