摘要
本文描述了入侵响应回卷的形式化方法及其实现 ,然后建立了一个可回卷的自动入侵响应系统模型 .该系统在检测到误报或入侵停止的情况下 ,采取响应回卷动作 ,从而消除了响应带来的负面影响 ,即响应代价 .试验证明 ,响应回卷技术能较好地降低响应代价 ,从而以较低的代价换取相同的安全目标 .
Traditional intrusion detection systems only carry out response when intrusion is detected. It has two shortcomings. First, when the previous intrusion events that had been responded are proved to be false alarms, the response system cannot correct its response. Secondly, when the intrusion behavior terminates, the response system cannot withdraw the corresponding response so as to eliminate the negative effect. In this paper, a Rollbackable Automated Intrusion Response System (RAIRS) is established to cope with the above two problems. RAIRS can not only automatically detect response, but also detect false alarms and termination of intrusion, and then triggers the rollback of corresponding response to eliminate its negative effect. The experiment proves that the response rollback technique can decrease the response cost so that it can achieve the same security goal with lower cost.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2004年第5期769-773,共5页
Acta Electronica Sinica
基金
国家自然科学基金 (No .90 1 0 4 0 31 )
