摘要
入侵检测技术是一种主动保护网络资源免受黑客攻击的安全技术。入侵检测系统监控受保护系统的使用情况,发现不安全状态。它不仅帮助系统对付外来网络攻击,还可以查知内部合法用户的非法操作,扩展了系统管理员的安全管理能力。入侵检测为系统提供了实时保护,被认为是防火墙之后的第二道安全闸门。文章讲述了入侵检测技术的发展状况和关键技术,对现有系统进行了分类,并指出了该技术面临的一些挑战。最后提出了一种基于数据挖掘技术的具有自学习、自完善功能的入侵检测模型,可发现已知和未知的滥用入侵和异常入侵活动。
: Intrusion detection technology is an active security technology which can prevent the network components from being attacked by hackers.Intrusion detection system(IDS)monitors the usage of protected systems,detects insecure states.It can not only help coping with external attacks but also detects the misuse of the legitimate users.IDS extends the security administrator's ability.IDS offers real-time protection to systems and is considered as the second line of defence behind firewall.In this paper we introduce the development and key technologies of IDS,give a taxonomy of present systems,point out some challenges this technology faced.At last we present a datamining-based IDS model which has the functions of self-learning and self-completing,it can detect the known and novel intrusion activities.
出处
《计算机工程与应用》
CSCD
北大核心
2001年第16期1-4,共4页
Computer Engineering and Applications
基金
国家863高技术项目(编号:863-306-QN2000-5)
西安交通大学科学研究基金资助
