Bo-heung Chung, Seungho Ryu, Jeong-Nyeo Kim, Jongsoo Jang
Published in: The 7th International Conference on Advanced Communication Technology, 2005 (ICACT 2005)
DOI: 10.1109/ICACT.2005.245838 (https://doi.org/10.1109/ICACT.2005.245838)
Publication date: 2005-07-11
Record source: Semantic Scholar (citation count: 1; not open access)
Kernel-level intrusion detection method using simplification and grouping
This paper proposes the kernel-level intrusion detection method (KIDM), which uses simplification and grouping of intrusion detection rules. The rules are grouped into group-rules and common-rules, the latter generated by simplification. Intrusion detection is separated into a common detection step and an extended detection step. A packet is first checked by common detection using the common-rules. If this step detects nothing, the packet is forwarded to its destination; otherwise, it is passed to extended detection using the group-rules. By grouping similar detection rules, the search space and search time can be greatly reduced. By using the simplified rules in intrusion detection, packet inspection time can be largely reduced as well. With these two steps, fast and effective intrusion detection becomes possible in network nodes such as routers and switches.