Intrusion detection systems generally analyze only the events or system features that intrusion behavior produces, and often neglect both the correlations among intrusion events and the relationship between intrusion events and system state. This article introduces ECA (event-condition-action) rules into the intrusion detection system and analyzes both the dynamic and the static characteristics of the system, thereby improving intrusion detection capability.