【摘要】 传统的入侵检测系统通常需要对攻击预先了解,在流量分析和异常检测方面存在不足。该文提出一种新的基于流的统计分析模型,通过构建网络的行为特征库,实时监测和发现网络异常,基于该分析技术设计和实现了一个网络监控系统原型。该原型可以监测和发现网络中可疑代码,并进行实时跟踪。更多还原

【Abstract】 Traditional Intrusion Detection Systems(IDSs) requires prior knowledge of attacks, loses effectiveness in flow analysis and abnormity detection. This paper proposes a new flow-based network behavior analysis model, which monitors and detects abnormity of network by building up a network behavior features base for each host. Based on this technology, a network monitor prototype system is designed and implemented. The system can detect malicious codes and track them in real time.更多还原