首页 | 本学科首页   官方微博 | 高级检索  
     

用于网络入侵检测的模式匹配新方法
引用本文:樊爱京,杨照峰. 用于网络入侵检测的模式匹配新方法[J]. 计算机应用, 2011, 31(11): 2961-2964. DOI: 10.3724/SP.J.1087.2011.02961
作者姓名:樊爱京  杨照峰
作者单位:1. 平顶山学院 网络计算中心,河南 平顶山 4670022. 平顶山学院 软件学院,河南 平顶山 467002
摘    要:针对新一代网络入侵检测系统(NIDS)的创建需要先进的模式匹配引擎,提出一种模式匹配的新方案,利用基于硬件的可编程状态机技术(B-FSM)来实现确定性处理过程。该技术可以在一个输入流中同时获取大量模式,并高效地映射成转换规则。通过对网络入侵检测系统中普遍采用的规则集(Snort)进行实验,实验结果表明该方法具有存储高效、执行速度快、动态可更新等特点,可以满足NIDS的需要。

关 键 词:网络入侵检测系统  可编程状态机  模式匹配  转换规则  
收稿时间:2011-05-03
修稿时间:2011-06-21

New method of pattern-matching for network intrusion detection
FAN Ai-jing,YANG Zhao-feng. New method of pattern-matching for network intrusion detection[J]. Journal of Computer Applications, 2011, 31(11): 2961-2964. DOI: 10.3724/SP.J.1087.2011.02961
Authors:FAN Ai-jing  YANG Zhao-feng
Affiliation:1. Network Computer Center, Pingdingshan University,Pingdingshan Henan 467002, China2. School of Software Engineering, Pingdingshan University, Pingdingshan Henan 467002, China
Abstract:New generations of Network Intrusion Detection Systems (NIDS) create the need for advanced pattern-matching engines. This paper presented a new scheme for pattern-matching, which adopted a hardware-based programmable state machine technology to achieve deterministic processing rates. A lot of patterns can be obtained in one input stream by Balanced Routing Table-based FSM (B-FSM), and transition rules can be mapped effectively. Experiments had been done with Snort used widely in network intrusion detection systems. The experimental results show that the method is effective in storage, fast in operation, and renewable dynamically. The method proposed in this paper can satisfy the requirement of NIDS.
Keywords:Network Intrusion Detection System (NIDS)   Balanced Routing Table-based FSM (B-FSM)   pattern-matching   transition rule
本文献已被 CNKI 万方数据 等数据库收录!
点击此处可从《计算机应用》浏览原始摘要信息
点击此处可从《计算机应用》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号