Excerpt from the paper
Most operating systems, database systems, and application systems provide some form of audit mechanism. However, for lack of the technology and capability to process system audit information in real time, the audit information is usually analyzed only after signs of intrusion or crime have been discovered through other channels, so that it serves merely as after-the-fact evidence. This wastes a valuable resource that is of great significance for safeguarding information system security. Combining audit trails with real-time early warning to achieve real-time intrusion detection is therefore very worthwhile. This paper analyzes the current methods and characteristics of intrusion detection based on audit trails, and sets out the advantages of using neural networks for intrusion detection.