Journal title: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2009
Volume: 9
Issue: 10
Pages: 198-202
Publisher: International Journal of Computer Science and Network Security
Abstract: Security is an important factor in network protection. Zero-day attacks, new (anomalous) attacks exploiting previously unknown system vulnerabilities, have become potentially serious threats to the very existence of the network itself. Defending against them is no easy task. However, having identified "degree of system knowledge" as one difference between legitimate and illegitimate users, theorists have drawn on information theory as a basis for intrusion detection. Intrusion detection systems (IDSs) have become one of the most common countermeasures in the network security arsenal. But while other technologies such as firewalls and anti-virus provide proactive protection, most current IDSs are passive by nature. Most current network intrusion detection systems (NIDSs) employ either misuse detection or anomaly detection. However, misuse detection cannot detect unknown intrusions, and anomaly detection usually has a high false positive rate. To overcome the limitations of both techniques, we incorporate both anomaly and misuse detection into the NIDS. The proposed approach can improve the detection performance of NIDSs where only an anomaly or a misuse detection technique is used.