Seeking expert help translating a paper (2)

Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/06/07 16:21:51
2. INTRUSION DETECTION SYSTEMS
Early IDS’s operated at the host level, whereas contemporary systems tend to be network-based [7]. Host-based IDS’s
monitor a single host machine using the audit trails of a host operating system and network-based IDS’s monitor any
number of hosts on a network by scrutinising the audit trails of multiple hosts and network traffic.
Both host-based IDS’s and network-based IDS’s mainly employ two techniques: anomaly detection and misuse
detection [7]. The anomaly detection approach establishes the profiles of normal activities of users, systems, system
resources, network traffic and/or services and detects intrusions by identifying significant deviations from the normal
behaviour patterns observed from profiles. The misuse detection approach defines suspicious misuse signatures based
on known system vulnerabilities and a security policy. This approach probes whether these misuse signatures are
present or not in th

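2. Intrusion Detection Systems
Early intrusion detection systems operated at the level, whereas modern systems tend to be network-based [7]. Host-based intrusion detection systems monitor a single host using the audit trails of the host operating system, and network-based intrusion detection systems monitor a number of hosts on a network by examining the audit trails of multiple hosts and network traffic.
Both host-based intrusion detection systems and network-based intrusion detection systems mainly use two techniques: anomaly detection and misuse detection [7]. The anomaly detection approach establishes profiles of the normal activities of users, systems, system resources, network traffic and/or services, and detects intrusions by identifying significant deviations from the normal behaviour patterns observed in the profiles. The misuse detection approach defines suspicious misuse signatures based on known system vulnerabilities and a security policy. This approach probes whether the misuse signatures are present or not in the audit trails. The two techniques have different strengths and weaknesses, and should complement each other in a complete intrusion detection [7].
This paper focuses on the analogy between the human immune system and network-based intrusion detection systems. Somayaji et al. [9] present more general principles and propose various possibilities for computer immune systems. In contrast, this paper concentrates on designing a competent network-based intrusion detection system, and analyses several salient features of computer systems with this specific problem in mind.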
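The two techniques described in the passage, as an added example that is not part of the original question, answer or paper: a per-user profile with a deviation test stands in for anomaly detection, and regular-expression matching stands in for misuse detection. The audit records, the signature names and patterns, and the 3-sigma threshold are all constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed training data: bytes sent per session during normal operation.
NORMAL = {"alice": [1200, 1350, 1100, 1280, 1220],
          "bob": [400, 520, 450, 480, 430]}

# Hypothetical misuse signatures derived from a security policy (illustrative).
SIGNATURES = {
    "shadow-read": re.compile(r"\bcat\s+/etc/shadow\b"),
    "audit-log-wipe": re.compile(r"\brm\s+(-\w+\s+)*/var/log/"),
}

def build_profiles(history):
    """Anomaly detection, step 1: summarise normal activity per user."""
    return {user: (mean(v), stdev(v)) for user, v in history.items()}

def is_anomalous(profiles, user, value, threshold=3.0):
    """Step 2: flag a significant deviation from the user's profile."""
    if user not in profiles:
        return True  # no profile exists, so the subject itself is a deviation
    mu, sigma = profiles[user]
    return abs(value - mu) > threshold * max(sigma, 1e-9)

def match_signatures(command):
    """Misuse detection: names of the known signatures present in a record."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(command))

def analyse(profiles, trail):
    """Run both detectors over an audit trail; return (index, reasons) pairs."""
    alerts = []
    for i, (user, sent, command) in enumerate(trail):
        reasons = match_signatures(command)
        if is_anomalous(profiles, user, sent):
            reasons.append("anomaly")
        if reasons:
            alerts.append((i, reasons))
    return alerts

# Constructed audit trail: (user, bytes_sent, command).
TRAIL = [
    ("alice", 1250, "ls /home/alice"),        # normal
    ("bob", 9800, "scp report.tgz backup:"),  # novel behaviour, no signature
    ("alice", 1190, "cat /etc/shadow"),       # known misuse, normal volume
    ("bob", 460, "rm -rf /var/log/audit"),    # known misuse, normal volume
]

if __name__ == "__main__":
    for idx, reasons in analyse(build_profiles(NORMAL), TRAIL):
        print(idx, TRAIL[idx][0], reasons)
```

Record 1 is caught only by the profile and records 2 and 3 only by the signatures, which is why the two detectors are run together.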