Abstract
With the deepening research on intrusion detection techniques and the widespread use of intrusion detection products, the study of evaluation techniques for intrusion detection systems has become an important research area. This paper introduces related work on the evaluation of intrusion detection systems, discusses the main evaluation metrics used when evaluating an intrusion detection system, and proposes an evaluation system for intrusion detection systems. The evaluation system is controlled by a supervisor module, which schedules the traffic control module and the attack emulation module. All data in the evaluation environment are recorded and used as input to the evaluation module. The system implements emulation of network traffic and host usage, emulation of attacks, and generation of evaluation reports.
Source
《小型微型计算机系统》
CSCD
Peking University Core Journal
2005, Issue 4, pp. 568-571 (4 pages)
Journal of Chinese Computer Systems
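Funding
Supported by the National "863" Program, CIMS theme (2003AA414210)
Supported by the National Natural Science Foundation of China (60173051)
Supported by the Ministry of Education Research and Teaching Award Program for Outstanding Young Teachers
Supported by the Ministry of Education Specialized Research Fund for the Doctoral Program of Higher Education (20030145029).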
Keywords
network security
intrusion detection
evaluation
emulation
attack