1. Basic concepts of intrusion detection
Intrusion detection refers to "detecting attempts to intrude into a system, or actual intrusions, by operating on information obtainable from behaviour, security logs, audit data or other network sources" (see also the national standard GB/T 18336). Intrusion detection is the discipline of detecting and responding to computer misuse; its functions include deterrence, detection, response, damage assessment, attack prediction and prosecution support. Intrusion detection technology is designed and deployed to help guarantee the security of computer systems: it is a technical system that can discover and promptly report unauthorized or abnormal activity, and a technique for detecting behaviour in a computer network that violates the security policy. The combination of software and hardware that performs intrusion detection is an intrusion detection system (IDS).
2. Historical development of intrusion detection systems
In 1980, James P. Anderson, in a technical report written for a security customer titled "Computer Security Threat Monitoring and Surveillance", pointed out that audit records could be used to identify computer misuse; he classified the threats and set out the concept of intrusion detection in detail for the first time. From 1984 to 1986, Dorothy Denning of Georgetown University and Peter Neumann of SRI's computer science laboratory studied a real-time intrusion detection system model, IDES (Intrusion Detection Expert System). It was the first application to combine statistical and rule-based techniques in a single system, and it was the most influential system in intrusion detection research. In 1989, Todd Heberlein of the University of California, Davis wrote the paper "A Network Security Monitor". The monitor captured TCP/IP packets, using network traffic directly as audit data for the first time, so that heterogeneous hosts could be monitored without converting audit data into a unified format; network intrusion detection was born from this work.
3. System model
To solve the problem of interoperability between intrusion detection systems, several international research organizations have done standardization work. At present, two bodies are working on IDS standardization: the IETF Intrusion Detection Working Group (IDWG) and the Common Intrusion Detection Framework (CIDF).
CIDF was initially supported by the United States Defense Advanced Research Projects Agency (DARPA) and is now maintained by the CIDF working group, an open organization. CIDF describes a general model of an intrusion detection system (IDS). It divides an IDS into the following modules: event generators, denoted by the E-box; event analyzers, denoted by the A-box; response units, denoted by the R-box; and event databases, denoted by the D-box.
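As an added illustration (not code from the article or from CIDF itself), the following Python pipeline is organized around the four CIDF boxes and run over constructed audit-log lines; the analyzer combines a rule-based check with a statistical check, in the spirit of IDES. The log format, thresholds and action names are assumptions made for the example.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample audit records, "<time> <host> <user> <action>" (not real data).
SAMPLE_LOG = """\
10:00:01 host1 alice login_ok
10:00:05 host2 bob login_fail
10:00:06 host2 bob login_fail
10:00:07 host2 bob login_fail
10:00:09 host1 alice read_file
10:00:10 host2 bob login_fail
10:00:11 host2 bob login_fail
10:00:12 host3 eve login_ok
"""

def event_generator(raw):
    """E-box: collect raw audit data and emit normalized event dicts."""
    return [dict(zip(("ts", "host", "user", "action"), line.split()))
            for line in raw.splitlines() if line.strip()]

def event_analyzer(events, fail_threshold=3):
    """A-box: rule check (repeated login failures) plus a statistical check
    (a host whose event volume is more than one sigma above the mean)."""
    alerts = []
    fails = Counter(e["user"] for e in events if e["action"] == "login_fail")
    alerts += [{"type": "rule", "subject": u, "count": n}
               for u, n in fails.items() if n >= fail_threshold]
    per_host = Counter(e["host"] for e in events)
    cutoff = mean(per_host.values()) + pstdev(per_host.values())
    alerts += [{"type": "stat", "subject": h, "count": n}
               for h, n in per_host.items() if n > cutoff]
    return alerts

def response_unit(alerts):
    """R-box: map each alert to an action (recorded here, not enforced)."""
    actions = {"rule": "lock_account", "stat": "notify_operator"}
    return [f"{actions[a['type']]}:{a['subject']}" for a in alerts]

class EventDatabase:
    """D-box: retains events and alerts so they can be queried later."""
    def __init__(self, events, alerts):
        self.events, self.alerts = list(events), list(alerts)
    def alerts_for(self, subject):
        return [a for a in self.alerts if a["subject"] == subject]

def run_ids(raw):
    """Wire the four CIDF boxes together for one batch of audit data."""
    events = event_generator(raw)
    alerts = event_analyzer(events)
    return alerts, response_unit(alerts), EventDatabase(events, alerts)
```

On the sample data the rule check flags user bob (five failed logins) and the statistical check flags host2, whose event count is an outlier against the other hosts.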