【摘要】 近年来,入侵检测已成为网络安全领域的热点课题。异常检测和误用检测是入侵检测的主要分析方法,前者包括统计分析、模式预测、神经网络、遗传算法、序列匹配与学习、免疫系统、基于规范、数据挖掘、完整性检查和贝叶斯技术,后者包括专家系统、基于模型、状态转换分析、Petri网络、协议分析和决策树,其它还有报警关联分析、可视化和诱骗等分析技术。入侵检测系统的体系结构分为集中式结构和分布式结构,高性能检测技术、分布式构架、系统评估、标准化和安全技术融合是其今后重要的发展方向。更多还原

【Abstract】 Recently,intrusion detection has become a hot topic in network security.There aretwo basic analysis approaches in intrusion detectionthat are anomaly detectionand misuse detection.The formerincludesstatistical analysis,predictive pattern generation,neural network,genetic algorithm,sequence matching and learning,immunologic system,specification-based,data mining,integrity checker and Bayesian technology;the latterincludesexpert system,model-based,state transition analysis,Petri net,protocolanalysis and decision tree.There are also other analysis techniques such as alerts correlation analysis,visualization and trap.Intrusion detection system(IDS)has twokinds of architectures that are centralized architecture and distributed architecture.The main prospects ofintrusion detectionfor future improvement are high-powered detection,distributed architecture,evaluation,standardization and security technology fusion.更多还原