{"title":"A case-based approach to network intrusion detection","authors":"Daniel G. Schwartz, S. Stoecklin, E. Yilmaz","doi":"10.1109/ICIF.2002.1020933","DOIUrl":null,"url":null,"abstract":"This paper reports progress on creating a case-based implementation of the well-known Snort intrusion detection system. Snort is a simple rule-based system that is known to suffer limitations, including both failure to detect certain kinds of intrusions and the frequent raising of false alarms. We believe that a case-based reasoning approach can provide a framework in which to incorporate more sophisticated artificial intelligence techniques that will help overcome some of these limitations. In addition, the present system is intended to apply more generally to other aspects of network security, as well as other domains related to protecting the nation's critical infrastructure. The system is being built using the modern software engineering technique known as \"adaptive\" or \"reflective architectures,\" which will make it easily adaptable to other kinds of problem domain.","PeriodicalId":399150,"journal":{"name":"Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997)","volume":"708 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIF.2002.1020933","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A case-based approach to network intrusion detection
This paper reports progress on creating a case-based implementation of the well-known Snort intrusion detection system. Snort is a simple rule-based system that is known to suffer limitations, including both failure to detect certain kinds of intrusions and the frequent raising of false alarms. We believe that a case-based reasoning approach can provide a framework in which to incorporate more sophisticated artificial intelligence techniques that will help overcome some of these limitations. In addition, the present system is intended to apply more generally to other aspects of network security, as well as other domains related to protecting the nation's critical infrastructure. The system is being built using the modern software engineering technique known as "adaptive" or "reflective architectures," which will make it easily adaptable to other kinds of problem domain.