grids--a graph-based intrusion detection system for large networksnew

《grids--a graph-based intrusion detection system for large networksnew》由會(huì)員上傳分享，免費(fèi)在線閱讀，更多相關(guān)內(nèi)容在教育資源-天天文庫(kù)。

1、GrIDS{AGraph-BasedIntrusionDetectionSystemforLargeNetworksMarch4,1996AbstractThereiswidespreadconcernthatlarge-scalemaliciousattacksoncomputernet-workscoulddisruptacountry'seconomyandposeathreattoitsnationalsecurity.WepresentthedesignofGrIDS(Graph-BasedIntrusionDetectionSystem).GrIDSwi

2、llcollectdataaboutactivityoncomputersandnetworktracbetweenthem.Itwillaggregatethisinformationintoactivitygraphswhichapproximatelyrepresentthecausalstructureofnetworkactivity.Thiswillallowlarge-scaleautomatedattackstobedetectedinnearreal-time.Inaddition,GrIDSwillallownetworkadministrat

3、orstostatepoliciesspecifyingwhichusersmayuseparticularservicesofindividualhostsorgroupsofhosts.Byanalyzingthecharacteristicsoftheactivitygraphs,GrIDSwilldetectandreportviolationsofthestatedpolicy.GrIDSwilluseahierarchicalreduc-tionschemeforitsgraphs,whichwillallowittoscaletolargenetwor

4、kapplications.AnearlyprototypeofGrIDShassuccessfullydetectedawormattack.Keywords:Intrusiondetection,networks,informationwarfare,computersecurity,graphs.1Introduction1.1BackgroundDevelopedcountriesareincreasinglydependentontelephoneandcomputernetworksforallaspectsoftheirdailylife.IntheU

5、nitedStates,thetelephonenetworkhaslongbeencriticalformilitarycommu-nicationandemergencyciviliancommunication(911).NinetypercentofU.S.governmenttelephoneserviceisprovidedbycommercialnetworks[1],includingmuchtracofmilitarysignicance.TheInternetandotherTCP/IPnetworksarebecomingincreasin

6、glyimportantbothtocommerceandtothegovernment.ManyorganizationsarestartingtousetheWorldWideWebasaprimarymeanstodisseminateinformation,bothinternallyandexternally.Electroniccommerce,wherenancialtransactionsareconductedviatheInternet,willbeinwidespreadusewithinafewyears.Boththepublictele

7、phonenetworksandtheInternetarebasedonfundamentallyinsecureprotocolsandtechnology.Theyarealsointimatelyconnected:manytelephoneswitches1arealsocomputersystemsattachedtotheInternet,andthereislittlesecurityprotectingthoseswitches.Anattackercanmanipulatethematwill,misroutingcallsandpotent