Document introduction: Shanghai Jiao Tong University Master of Engineering thesis
ABSTRACT
With the development of computer technology and the explosion of the Internet,
computer security becomes more and more important. Annual reports from the
Computer Emergency Response Team (CERT) indicate a significant increase in
the number of computer security incidents each year.
A narrower definition of computer security (or information security) is based
on the realization of confidentiality, integrity, availability and controllability in a
computer system. There are many measures for computer security, such as
access control, encryption, auditing, authentication, etc. However, completely
preventing breaches of security appears, at present, unrealistic. We can, however,
try to detect these intrusion attempts so that action may be taken to repair the
damage later. This field of research is called Intrusion Detection. An intrusion is
defined as any set of actions that attempt to compromise the integrity,
confidentiality, availability, or controllability of a resource. Intrusion detection is
defined as "the problem of identifying individuals who attempt to use a computer
system without authorization and those who have legitimate access to the
system but are abusing their privileges". An intrusion detection system (IDS) is a
computer system that attempts to perform intrusion detection. Coordinated
intrusion detection emphasizes finding the relations among
intrusion events, which may be initiated by different attackers from different
hosts at different times.
In Chapter 1, related terms and concepts are introduced, such as
Computer Security, Network Security and Intrusion Detection.
In Chapter 2, the classification of intrusion detection is introduced in detail.
Then the work done by some organizations (CIDF and IDWG) is
introduced. In the end, we discuss the distributed IDS and divide it into two
categories.
In Chapter 3, the concept of attack trees is introduced first. Then based on
the attack tree model, an atta