计算机专业英语论文(关于网络安全-入侵检测)-英文版

9-NETWROKSECURITYE-mail:xxxxxxxx@qq.comTel:156xxxxxxxx1Abstract—Withthedevelopmentofcomputernetworktechnology,theriskofnetworkintrusionalsohasgreatlyincreased.ButthetraditionalEncryptionandfirewalltechnologycan’tmeetthesecurityneedtoday.Sotheintrusiondetectiontechnologyisbeingdevelopedquicklyinrecentyears,whichisanewdynamicsecuritymechanisminasetofdetecting,preventingthebehaviorofsystemintrusion.Unlikethetraditionalsecuritymechanism,intrusiondetectionhasmanyfeaturessuchasintelligentsurveillance,real-timedetection,dynamicresponseandsoon.Andinasense,intrusiondetectiontechnologyisareasonablesupplementoffirewalltechnology.IndexTerms—networksecurity,intrusiondetectionI.THENECESSITYOFINTRUSIONDETECTIONWiththedevelopmentofcomputernetworktechnology,thedestructiveeffectsandlossesofnetworkattacksalsohavegreatlyincreased.Thenetworksecurityisbecomingmoreandmorecomplicated,thetraditionalandpassiveEncryptionandfirewalltechnologycan’tagainstthediverseandcomplexattacks.Recently,intrusionisveryeasytomanycomputercompetent,andtherearemanyintrusioncoursesandtools.Soit’sofgreatsignificanceandnecessitytodeveloptheIntrusionDetectionSystem.II.THEDEVELOPMENTOFINTRUSIONDETECTIONSYSTEMIn1980,JamesP.Andersonwroteabooknamed“ComputerSecurityThreatMonitoringandSurveillance”,whichexplainedtheconceptofIntrusionDetectionindetail,thethreatclassificationsofcomputersystemandtheideaofmonitoringintrusionactivitiesusingauditingtrackingdata.From1984to1986,DorothyDenningandPeterNeumannworkedoutareal-timeIntrusionDetectionSystemmodel--IDES.In1990,L.HeberieinandsomeotherpeopledevelopedNSM(NetworkSecurityMonitor),whichmadeagreatdevelopmentofIDSandhasformedIDSbasedonnetworkandIDSbasedonhostcomputer.After1988,AmericabegantostudyDIDS(DistributedIntrusionDetectionSystem),whichbecameamilestone-productofthehistoryofIDS.From1990stonow,theresearchanddevelopmentofIntrusionDetectionSystemhasmadegreatprocessinintelligenceanddistribution.III.DEFINITIONANDWORK-FLOWA.DefinitionIntrusionDetectionisthediscoveryofintrusionbehaviors.Itcollectsandanalysesthedatafromsomekeypointsincomputernetworksorcomputersystems,andchecksupwhetherthereexistsbehaviorsviolatingsecuritypoliciesorattackingsignsinnetworksorsystems.Then,itcansoundthealarmormakecorrespondingresponseintimetoensuretheconfidentialityandavailabilityofsystemresource.B.Work-flow1)InformationGatheringThefirststepofintrusiondetectionisinformationgathering.Andtheinformationincludethecontentsofnetworktraffic,thestatesandbehaviorsofthetheconnectionofusersandactivities.2)SignalAnalysisFortheinformationgatheredabove,therearethreetechnologiestoanalyzethem:patternmatching,statisticalanalysisandintegrityanalysis.3)Real-timeRecording,AlarmingandLimitedCounterattackThefundamentalgoalofIDSistomakecorrespondingresponsetotheintrusionbehaviors,whichincludesdetailedlogging,real-timealarmandlimitedcounterattackresource.IV.GENERICMODELANDFRAMEWORKA.TheGenericModelIn1987,Denningproposedaabstractgenericmodelofintrusiondetection.Infigure1below,themodelmainlyconsistsofsixparts:subjects,objects,auditrecords,activityprofiles,exceptionrecordsandactivityrules.IntrusionDetectioninNetworkSecurityZhangSan201221xxxxMasterofComputing,xxxxxxxUniversity,Wuhan,Chinaxxxxxxx@qq.com9-NETWROKSECURITYE-mail:xxxxxxxx@qq.comTel:156xxxxxxxx2figure1B.TheFrameworkInrecentyears,themarketofintrusiondetectionsystemsdevelopsveryquickly,butthelackoftheuniversalityofdifferentsystemshindersthedevelopmentofintrusiondetection,becausethereisnocorrespondinggeneralstandard.InordertosolvetheuniversalityandcoexistenceproblembetweendifferentIDS,AmericaDefenseAdvancedResearchProjectsAgency(DARPA)startedtomakeCIDF(CommonIntrusionDetectionframework,thecommonintrusiondetectionframework)standard,andtheytriedtoprovideafundamentalstructurewhichallowsintrusiondetection,analysisandresponsesystem.FinallythesecuritylaboratoryintheUniversityofCaliforniaatDaviscompletedCIDFstandard.Themainpurposeoftheframeworkis:1)IDScomponentsharing,thatisacomponentoftheIDScanbeusedbyanotherIDS.2)Datasharing,thatis,allkindsofdatainIDScanbesharedandtransferredbetweendifferentsystemsbythestandarddataformatprovided.3)Toimprovetheuniversalitystandardsandestablishasetofdevelopmentinterfaceandsupporttools.TheCIDFexpoundsthegenericmodelofaintrusiondetectionsystem,itwillclassifyaIDSintothecomponentsbelow:a)EventGeneratorsGettingeventsfromthewholecomputingenvironmentandprovidingthemtotheotherpartsofthesystem.b)EventAnalyzersAnalyzingthedataobtainedandproducingtheanalyticresults.c)ResponseUnitsItisthefunctionalunitwhichresponsestotheanalyticresults.Itcanmakeastrongreactionsuchascuttingofftheconnectionorchangingtheattributeoffiles,orjustasimplealarm.d)EventDatabasesItisacollectivenameoftheplacewhereallkindsofdataisstored.Itcanbeacomplexdatabaseorasimpletextfile.V.THECLASSIFICATIONOFINTRUSION.A.IntrusionBaseontheHostUsually,itmakesuseoftheoperatingsystemaudit,tracklogasadatasources,fordetectingintrusion,somewillalsointeractwiththehostsystemtogettheinformationthatdoesn’texistinthesystemlog.Thistypeofdetectionsystem