Abstract
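Increasingly prominent network security problems have driven research on intrusion detection systems (IDS). Under high load, an IDS may be unable to analyze audit data in time, so it may miss malicious data and produce false negatives. This problem seriously affects the performance and range of application of IDS. The paper discusses in detail the strengths and weaknesses of the ways current IDSs address load. Weighing these factors together, it takes critical resources as the indicator for judging system load and, by adopting a distributed architecture, dynamic partitioning of the computation, and a least-recently-attacked filtering policy, proposes a fairly comprehensive solution to the load problem. It also discusses the scheme's load-balancing algorithm in light of the characteristics of IDS data.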
The increasing problem in network security promotes research on Intrusion Detection Systems (IDS). Under heavy load, an IDS may be unable to keep up with the production of audit data. Some malicious data are then ignored, which is called a false negative. This problem badly affects the performance of IDS. In this paper, we discuss the strong and weak points of current Intrusion Detection Systems with respect to load. We analyze the relevant factors, then propose a comprehensive solution using a distributed architecture, dynamic classification of computation, and a least-recently-attacked filter policy. We also discuss a load balancing algorithm based on the data characteristics of IDS.
Source
《计算机工程与应用》
CSCD
PKU Core Journals
2001, Issue 20, pp. 48-49, 76 (3 pages in total)
Computer Engineering and Applications