
Journal article

Intrusion detection and forensic analysis for network security incidents (cited by: 13)
Abstract: To improve the efficiency of security incident emergency response, an automated intrusion detection and forensic analysis response model was designed and implemented. Driven by the information of a particular security event, the model uses OpenFlow switches to filter and forward packets, the PF-RING ZC zero-copy tool to collect packet traffic automatically, the open-source intrusion detection software Suricata together with a multi-feature correlation redundancy elimination algorithm to perform intrusion detection on the network traffic and eliminate redundant alerts, and the Bro system for application-layer protocol analysis to complete the forensic analysis of the traffic, which significantly reduces manual intervention. The model was validated with a bot (zombie host) detection example; the results show that it is effective in improving the efficiency of security incident emergency response.
Authors: Gong Jian, Wang Zhuoran, Su Qi, Yang Wang (School of Computer Science and Engineering, Southeast University, Nanjing 211189, China)
Source: Journal of Huazhong University of Science and Technology (Natural Science Edition), 2016, No. 11, pp. 30-33 (4 pages); indexed in EI, CAS, CSCD and the Peking University Core Journals list
Funding: National Natural Science Foundation of China (grant 61602114)
Keywords: security incidents; emergency response; intrusion detection; redundancy elimination; forensic analysis
Related literature

References: 5

Secondary references: 10


Co-cited references: 28

Co-citing references: 128

Citing articles: 13

Secondary citing articles: 76
