【Abstract】
An Intrusion Detection System (IDS) is a system built on intrusion detection technology. Intrusion detection is a new generation of security assurance technology that follows traditional protective measures such as "firewalls" and "data encryption". It identifies and responds to malicious use of computer and network resources; it not only detects intrusions from outside but also monitors unauthorized activity by internal users, so as to protect the network's resources as a whole.
This paper gives a brief introduction to intrusion detection systems, presents an accompanying model, and analyzes the logs in Windows 2000 in some detail.
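Chapter 1: Overview of Intrusion Detection
In 1980, James Anderson first proposed the concept of intrusion detection. He defined an intrusion attempt or threat as a potential, premeditated, unauthorized attempt to access information or manipulate information, or to render a system unreliable or unusable. He proposed that audit trails could be applied to monitoring intrusion threats. The importance of this idea, however, was not understood at the time.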