
    Citation: ZHANG Xue-qin, LIN Jia-jun. A Distributed Intrusion Detection System Based on Windows Registry[J]. Journal of East China University of Science and Technology (Natural Science Edition), 2004, (6): 677-681.

    A Distributed Intrusion Detection System Based on Windows Registry

    Abstract: An architecture for a distributed intrusion detection system based on the Windows registry (RIDS) is presented. The advantages of using the Windows registry as the data source for detection and analysis, and the impact of malicious behavior on the registry, are discussed. The RIDS information-source data model, the intrusion analysis algorithm, and the composition of the sensor, detector, and data warehouse are described. Research on this class of intrusion detection system will help enrich the detection methods available to host-based intrusion detection systems (HIDS).
