
Computer Engineering ›› 2010, Vol. 36 ›› Issue (17): 152-154. doi: 10.3969/j.issn.1000-3428.2010.17.051

• Security Technology •

Study on Intrusion Prevention System Based on Ontology Module Interface

JIANG Zong-hua

  1. (College of Information Engineering, Anhui University of Finance & Economics, Bengbu 233041)
  • Online: 2010-09-05 Published: 2010-09-02
  • About the author: JIANG Zong-hua (born 1974), male, lecturer, master's degree; main research interests: network security, Semantic Web
  • Supported by:
    Provincial Natural Science Research Fund Project of Anhui Higher Education Institutions (KJ2008 B020)

Abstract: A novel distributed intrusion prevention system model is presented, together with a use case scenario. The model uses an interface-based modular ontology as its knowledge base and a context-dependent policy as its intrusion prevention method. Compared with a monolithic ontology, the modular ontology offers advantages such as good extensibility and efficient reasoning. Moreover, the use of interfaces allows ontology modules to be developed independently and configured flexibly. By sending incident messages, ontology modules can update their knowledge promptly and efficiently.

Key words: intrusion prevention system, modular ontology, context-dependent policy, Semantic Web Rule Language (SWRL)
