一种入侵防御系统性能分析方法

doi:10.3969/j.issn.1671-1122.2015.09.011

信息网络安全 ›› 2015, Vol. 15 ›› Issue (9): 46-49.doi: 10.3969/j.issn.1671-1122.2015.09.011

一种入侵防御系统性能分析方法

刘伟¹, 李泉林², 芮力¹

1.92664部队,山东青岛 266031;
2.燕山大学经济与管理学院,河北秦皇岛 066004

收稿日期:2015-07-15 出版日期:2015-09-01
通讯作者: 刘伟 xflw1001@163.com E-mail:xflw1001@163.com
作者简介:刘伟（1979-）,女,山东,工程师,博士,主要研究方向：网络安全;李泉林（1964-）,男,河北,教授,博士,主要研究方向：随机模型、排队论、计算机网络、物流与供应链管理等;芮力（1969-）,男,湖北,工程师,博士,主要研究方向：网络安全、雷达维修、信号处理。
基金资助:
国家自然科学基金[71271187,71471160]

A Performance Analysis Method for Intrusion Prevention System

LIU Wei¹, LI Quan-lin², RUI Li¹

1. No.92664 Troop, Qingdao Shandong 266031, China;
2. School of Economics and Management Sciences, Yanshan University, Qinhuangdao Hebei 066004, China

Received:2015-07-15 Online:2015-09-01

摘要/Abstract

摘要： 入侵防御系统是一种重要的安全防护措施,用于抵御针对信息系统的恶意攻击。但是不恰当的系统配置会对网络性能产生负面影响,如增大端到端延迟或数据包丢失率。大多数研究者关注的是提出新的入侵防御系统,分析其所使用的机器学习算法,而忽视对入侵防御系统本身性能的量化分析。文章将系统看作是一个拟生灭过程,通过建立二维的马尔可夫链模型,求得其稳定概率分布来计算一些重要的性能指标。实验证明利用文章所提出的通用分析方法可以有效评价系统性能,同时也间接证明了模型的正确性。

关键词: 入侵防御系统, 马尔可夫链模型, 性能分析

Abstract: Intrusion prevention system (IPS) is a crucial defensive measure against malicious attacks to information system. However, the improper IPS configuration can have a negative impact on network performances in terms of end-to-end delay or packets loss. Most researchers mainly focus on putting forward new IPS and analyzing the different methodologies, but ignoring the research of quantitative analysis on IPS. By analyzing the system as a quasi-birth-and -death process, this paper obtains the steady probabilities distribution to compute some important indices by establishing a two-dimensional Markov chain model. The experimental results prove that the general analytical method can effectively evaluate the performances of IPS, and also testify the correctness of the model indirectly.

Key words: intrusion prevention system, Markov chain mode, performance analysis

中图分类号:

TP309

刘伟, 李泉林, 芮力. 一种入侵防御系统性能分析方法[J]. 信息网络安全, 2015, 15(9): 46-49.

LIU Wei, LI Quan-lin, RUI Li. A Performance Analysis Method for Intrusion Prevention System[J]. 信息网络安全, 2015, 15(9): 46-49.

参考文献

[1] 曾颖.军队级入侵防御系统中数据通信与监控技术研究[D].成都：电子科技大学,2012.
[2] 赵婷,吴其聪.入侵检测产品及入侵防御产品现状[J].信息网络安全,2007,（3）:39-40.
[3] 陈观林,冯雁,王泽兵.分布式无线入侵防御系统预先决策引擎研究[J].电信科学. 2010,（10）：80-86.
[4] 舒泽萍,张鹰.基于分布式联动技术的网络安全分析[J].信息网络安全,2007,(7):24-26.
[5] Agarwal M,Biswas S, Nandi S. Detection of De-authentication Denial of Service attack in 802.11 networks[EB/OL].http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6726015&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Ficp.jsp%3Farnumber%3D6726015,2015-05-20.
[6] Dr. Alaa Al-hamami,Tahani Alawneh. Developing a Host Intrusion Prevention System by Using Data Mining[C]// 2012 International Conference on Advanced Computer Science Applications and Technologies:409-413.
[7] 刘杰,方勇,李哲,等. 基于主机的入侵检测系统分析[J].信息网络安全,2002,(9):30-31.
[8] Ekgapark Wonghirunsombat, Teewalee Asawaniwed, Vassapon Hanchana, et al. A Centralized Management Framework of Networkbased Intrusion Detection and Prevention System[C]// 2013 10th International Joint Conference on Computer Science and Software Engineering (JCSSE)183-188.
[9] 万召文,徐慧.具有认知功能的入侵防御系统研究与设计[J].计算机工程与设计,2013,34 （10）：3431-3435.
[10] 李刚,薛一波,汪东升.一个千兆网络入侵防御系统的设计与实现[J].小型微型计算机系统,2006,27（11）：2025-2029.
[11] Tomášek M, Čajkovský M, Klimek I. Cloud-Centric Application Tracing and User Monitoring Intrusion Prevention System[C]//INES 2013 · IEEE 17th International Conference on Intelligent Engineering Systems · June 19-21, 2013, Costa Rica:339- 343.
[12] Yudai Kato, Yuji Makimoto, Hironori Shirai, et al. Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism[C]//2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing:548-554.
[13] 李艺颖,邓皓文,王思齐,等. 基于机器学习和NetFPGA的智能高速入侵防御系统[J].信息网络安全,2014,(2):12-19.
[14] Wattanapongsakorn N, Wonghirunsombat E, Assawaniwed T, et al. A Network-based Internet Worm Intrusion Detection and Prevention System[EB/OL].http://xueshu.baidu.com/s?wd=A+Network-based+Internet+Worm+Intrusion+Detection+and+Prevention+System&rsv_bp=0&tn=SE_baiduxueshu_c1gjeupa&rsv_spt=3&ie=utf-8&f=8&rsv_sug2=1&sc_f_para=sc_tasktype%3D%7BfirstSimpleSearch%7D&rsv_n=2,2015-05-20.
[15] Wattanapongsakorn N, Srakaew S, Wonghirunsombat E, et al. A Practical Network-based Intrusion Detection and Prevention System[C]//2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications:209-214.
[16] 郑林,陈蜀宇,石振明.基于贝叶斯分类的入侵防御系统报警研究[J].计算机工程与设计. 2008,29（14）：3620-3622.
[17] Muna Elsadig, Azween Abdullah, Brahim Belhaouari Samir. Immune Multi Agent System for Intrusion Prevention and Self Healing System Implement a Non-Linear Classification[EB/OL]. http://www.researchgate.net/publication/224171611_Immune_multi_agent_system_for_intrusion_prevention_and_self_healing_system_implement_a_non-linear_classification,2015-05-20.
[18] Yaping Jiang, Junlin Chang. Intrusion Prevention System Base on Immune Vaccination[C]//2009 Second International Conference on Intelligent Computation Technology and Automation:350-353.
[19] 潘仰峰,刘渊.基于数据挖掘的入侵防御研究[J].计算机工程与设计,2007,28（1）：56-58.
[20] 张焕,曹万华,冯力,等.一种基于邻近距离的分布式入侵防御系统模型[J].计算机科学,2009,36（9）：55-58.
[21] David Mudzingwa, Rajeev Agrawal. A study of Methodologies used in Intrusion Detection and Prevention Systems (IDPS)[EB/OL]. http://www.researchgate.net/publication/234082442_A_study_of_methodologies_used_in_intrusion_detection_and_prevention_systems_(IDPS),2015-05-20.
[22] Padmashani R, Shiju Sathyadevan, Devi Dath. BSnort IPS[C]//2012 12th International Conference on Intelligent Systems Design and Applications (ISDA):46-49.
[23] Cheng-Yuan Ho, Yuan-Cheng Lai, I-Wei Chen, et al. Statistical Analysis of False Positives and False Negatives from Real Traffic withIntrusion Detection/Prevention Systems[J]. IEEE Communications Magazine, 2012,(3):146-154.
[24] 周熠.网络攻击方法剖析与防卫措施的研究与探讨[J].信息网络安全,2007,(9):37-40.
[25] 李天目,仲伟俊,梅妹娥.入侵防御系统管理和配置的检查博弈分析[J].系统工程学报,2008,（5）：589-595.

一种入侵防御系统性能分析方法

A Performance Analysis Method for Intrusion Prevention System

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

本文评价

[1]	何慧虹, 王勇, 史亮. 分布式环境下基于ZooKeeper服务的数据同步研究[J]. 信息网络安全, 2015, 15(9): 227-230.
[2]	王学;李学新;周智鹏;袁耀文. S2E测试平台及并行性能分析[J]. , 2012, 12(7): 0-0.
[3]	姚小兵. 入侵检测系统在电子商务中的应用研究[J]. , 2011, 11(4): 0-0.