Multi-layered based network security defense system
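Journal on Communications, 2007, Issue 7, pages 61-69
Author affiliations:
1. College of Computer, Nanjing University of Posts and Telecommunications
2. Institute of Computer Technology, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210003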
CLC number: TP393.08
Print publication date: 2007
Multi-layered based network security defense system[J]. Journal on Communications, 2007, (7): 61-69.
Abstract
A multi-layered network security defense system (MNSDS) is presented. MNSDS adopts multi-layered detection technology. At the IP layer, it uses an aggregate-based congestion control algorithm (ABCC), which narrows the congestion signature and thus minimizes collateral damage. At the TCP and UDP layers, it employs AIPT, a detection technology based on the artificial immune principle, which builds a rule set and matches network access activity against the rules in that set to detect intrusions. Simulation results indicate that the system not only provides reasonable relief from DoS/DDoS attacks, but also resolves problems in existing defense systems: high false positive and false negative rates, poor real-time performance, and heavy manual intervention.