作者：闫华

作者单位：复旦大学信息办网络中心, 上海 200433

关键词：网络安全; 入侵检测; 网络管理; SNMP代理; 有限状态自动机

摘要：

在分析现有入侵检测方法及其缺陷的基础上,提出了一种基于状态机的入侵检测的SNMP代理方案。该方案利用基于有限状态自动机的协议轨迹规范语言PTSL描述入侵和攻击特征,利用Script MIB实现代理的配置,利用扩展的RMON2 MIB存储入侵检测的统计信息。最后通过试验表明,这个方案规范了攻击特征的精确描述,有效的减少了误报,实现了入侵检测系统和网络管理系统的有机结合。

Detection of intrusion status based on SNMP proxy

YAN Hua

Information Office, Fudan University, Shanghai 200433, China

Abstract: After discussing the present intrusion detection systems and methods and analyzing their defects, the author presented SNMP agent system based on intrusion status detection. The characteristics of intrusion and attack was described by protocol Trace Specification Language(PTSL)signatures, Script MIB was used to configure the intrusion detection agent. RMON2 MIB was used to store statistical information about intrusion signature occurrences. Experiment shows that attack characteristics can be precisely described and false alarms are greatly reduced. Full integration of IDS and NMS is achieved.

Keywords: Network security; Intrusion detection; Network management; SNMP agent; Finite state machine

2005, 31(5): 96-99  收稿日期: 2005-1-19;收到修改稿日期: 2005-3-7

基金项目: 

作者简介: 闫华(1961-),女,副教授,主要从事网络安全和网络管理、通信工程研究。

参考文献

[1] S. R. Bellovin, M. N. Leech, and T. B. Taylor. Smurf IP Denial -of-Service Attacks[M]. CERT Coordination Center, 1998.
[2] P. Ferguson, and D. Senie. Network Ingress Filtering:Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing, 9th USENIX Security Symposium[M], 2000.
[3] 于以序, 何艳敏.实时嵌入式软件测试研究[J].中国测试技术, 2004, 30(5):3-6.
[4] 黄娅, 胡昌振.基于Multi-agent的入侵检测及其融和结构研究[J].信息与电子工程, 2004, 55(1):5-6.
[5] 费洪晓, 康松林, 施荣华.基于SNMP的网络应用软件监控系统设计与实现[J].计算机工程与应用, 2004, 40(15):122-125.
[6] 赵小林, 马锐.网络入侵特征的关联检测算法[J]. 计算机工程, 2004, 30(24):96-98.