A Cooperative Intrusion Detection and Defense Mechanism Based on Autonomous Domains
Cooperative intrusion protection based on security zone
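【Summary】 To address increasingly severe large-scale network attacks, this paper proposes a cooperative intrusion detection and defense mechanism based on autonomous domains. The protected network is divided into hierarchically structured security autonomous domains, and within each autonomous domain a peer-to-peer (P2P) structure is used for distributed detection and defense. Security policies describe the cooperation relationships and control cooperative detection and defense both within and between security domains, confining the scope of cooperation to the network regions related to the attack. This avoids unnecessary large-scale cooperative communication and reduces the network overhead that cooperative detection and defense introduce. Simulation tests show that the mechanism effectively balances cooperative communication delay against communication load.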
【Abstract】 This paper presents a novel cooperative intrusion protection mechanism based on security zones to detect and prevent mass attacks on the network. It adopts a mixed architecture, containing both a hierarchical structure and a P2P structure, by dividing the network into many security zones, so that it can scale easily to protect a very large network. Cooperation during detection and response is controlled by security policy, so that redundant communication caused by unwanted cooperation is suppressed and the cost is reduced. Simulation under NS2 shows that the mechanism strikes a proper balance between cooperation time lag and communication cost.
【Key words】 network security; security zone; cooperative detection; peer to peer;
- 【Source】 Journal of Huazhong University of Science and Technology (Nature Science Edition), 2006, Issue 12
- 【Classification number】 TP393.08
- 【Times cited】 14
- 【Downloads】 204