Journal of Software:2001.12(2):225-232

(清华大学 信息网络工程研究中心,北京 100084)
A Distributed Intrusion Detection System and Its Apperception Ability
CHEN Shuo,AN Chang-qing,LI Xue-nong
Chart / table
Similar Articles
Article :Browse 2732   Download 2826
Received:September 08, 1999    Revised:November 23, 1999
> 中文摘要: DIDAPPER(distributedintrusiondetectorwithapperception)系统是一种具有认知能力的分布式入侵检测系统.分布式结构、认知能力和知识的共享是该系统的重要特点.重点讨论了DIDAPPER系统的认知能力.流量标本和IP陷阱是DIDAPPER系统所提出的新概念.它们可以获取和识别异常的流量数据,而且适合于检测大规模网络攻击行为.DIDAPPER系统的认知能力的另一个方面是神经网络的模式识别方法.将具有自学习能力的BP网络应用于流量分析,很好地解决了流量模式的识别问题.
Abstract:The DIDAPPER (distributed intrusion detector with apperception) system presented in this paper is a distributed intrusion detector with apperception. The distributed architecture, the apperception ability and the sharing of knowledge are evident characteristics of the DIDAPPER. This paper focuses on the apperception ability of DIDAPPER. Traffic specimens and IP traps are DIDAPPER's new concepts, which can capture and recognize abnormal traffics and are suitable for monitoring the large scale network attacks. The other aspect of DIDAPPER's apperception ability comes from the neural network algorithm. The BP neural network with learning ability has been applied to traffic analysis, and shows good effect on the recognition of traffic patterns.
文章编号:     中图分类号:    文献标志码:
基金项目:国家863高科技发展计划资助项目(863-317-01-99) 国家863高科技发展计划资助项目(863-317-01-99)
Foundation items:
Reference text:


CHEN Shuo,AN Chang-qing,LI Xue-nong.A Distributed Intrusion Detection System and Its Apperception Ability.Journal of Software,2001,12(2):225-232