| 一种实时入侵检测系统设计与实现 |
| |
| 引用本文: | 全代勇,陈力.一种实时入侵检测系统设计与实现[J].科技广场,2006,24(4):89-90. |
| |
| 作者姓名: | 全代勇 陈力 |
| |
| 作者单位: | 1. 三峡大学电气信息学院,宜昌,443002
2. 中国国际航空股份有限公司信息技术中心,北京,100621 |
| |
| 摘 要: | 针对IDS存在的漏报和误报率高的缺陷,本文首先在分析了主流操作系统Windows的消息驱动特征后,介绍了如何利用系统调用截获技术,将系统调用截获至判断机构,安全的系统调用继续,非安全系统调用则重定向到检测机构进行实时入侵检测。最后,本文提出了一种实时入侵检测系统的模型并给出了简单的实现方案。
|
| 关 键 词: | 实时入侵检测 系统调用截获 挂钩 |
| 文章编号: | 1671-4792-(2006)4-0025-02 |
Design and Implementation of Real-time Intrusion Detection System |
| |
| Quan Daiyong,Chen Li.Design and Implementation of Real-time Intrusion Detection System[J].Science Mosaic,2006,24(4):89-90. |
| |
| Authors: | Quan Daiyong Chen Li |
| |
| Abstract: | To reduce false positive and false negative rate in IDS,the technology of system call interception is applied based on the message driven opertating system such as Windows. System calls are intercepted to the evaluation module, in which the legal system call contiued, while illegal system call redirected to the detection module . A model of real-time intrusion detection is provided and simply specified in this article. |
| |
| Keywords: | Real-time Intrusion Detection System Call Interception Hooking |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
