{"title":"基于案例的网络入侵检测方法","authors":"Daniel G. Schwartz, S. Stoecklin, E. Yilmaz","doi":"10.1109/ICIF.2002.1020933","DOIUrl":null,"url":null,"abstract":"This paper reports progress on creating a case-based implementation of the well-known Snort intrusion detection system. Snort is a simple rule-based system that is known to suffer limitations, including both failure to detect certain kinds of intrusions and the frequent raising of false alarms. We believe that a case-based reasoning approach can provide a framework in which to incorporate more sophisticated artificial intelligence techniques that will help overcome some of these limitations. In addition, the present system is intended to apply more generally to other aspects of network security, as well as other domains related to protecting the nation's critical infrastructure. The system is being built using the modern software engineering technique known as \"adaptive\" or \"reflective architectures,\" which will make it easily adaptable to other kinds of problem domain.","PeriodicalId":399150,"journal":{"name":"Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997)","volume":"708 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":"{\"title\":\"A case-based approach to network intrusion detection\",\"authors\":\"Daniel G. Schwartz, S. Stoecklin, E. Yilmaz\",\"doi\":\"10.1109/ICIF.2002.1020933\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper reports progress on creating a case-based implementation of the well-known Snort intrusion detection system. Snort is a simple rule-based system that is known to suffer limitations, including both failure to detect certain kinds of intrusions and the frequent raising of false alarms. We believe that a case-based reasoning approach can provide a framework in which to incorporate more sophisticated artificial intelligence techniques that will help overcome some of these limitations. In addition, the present system is intended to apply more generally to other aspects of network security, as well as other domains related to protecting the nation's critical infrastructure. The system is being built using the modern software engineering technique known as \\\"adaptive\\\" or \\\"reflective architectures,\\\" which will make it easily adaptable to other kinds of problem domain.\",\"PeriodicalId\":399150,\"journal\":{\"name\":\"Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997)\",\"volume\":\"708 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-07-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"27\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIF.2002.1020933\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIF.2002.1020933","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A case-based approach to network intrusion detection
This paper reports progress on creating a case-based implementation of the well-known Snort intrusion detection system. Snort is a simple rule-based system that is known to suffer limitations, including both failure to detect certain kinds of intrusions and the frequent raising of false alarms. We believe that a case-based reasoning approach can provide a framework in which to incorporate more sophisticated artificial intelligence techniques that will help overcome some of these limitations. In addition, the present system is intended to apply more generally to other aspects of network security, as well as other domains related to protecting the nation's critical infrastructure. The system is being built using the modern software engineering technique known as "adaptive" or "reflective architectures," which will make it easily adaptable to other kinds of problem domain.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
