| 协议分析与模式匹配相结合的IDS的设计研究 |
| |
| 引用本文: | 周慧芳,张亚玲,王尚平,谢宁,马宏亮. 协议分析与模式匹配相结合的IDS的设计研究[J]. 信息技术, 2007, 31(8): 14-17,87 |
| |
| 作者姓名: | 周慧芳 张亚玲 王尚平 谢宁 马宏亮 |
| |
| 作者单位: | 西安理工大学密码理论与网络安全研究室,西安,710048 |
| |
| 基金项目: | 国家自然科学基金;陕西省教育厅资助项目 |
| |
| 摘 要: | 分析了传统的模式匹配和协议分析检测方法的优缺点。使用协议分析和模式匹配相结合的入侵检测技术,设计与实现了一个网络入侵检测系统。该系统中,利用Libpcap函数库实现网络数据包的捕获,采用内存映射技术来提高数据包捕获效率;应用改进后的Tuned BM模式匹配算法,提高模式匹配的速度,减少比较的次数。这样的体系设计可以减少计算量,提高算法的效率,并通过协议分类减少不必要的误报率。
|
| 关 键 词: | 入侵检测 协议分析 模式匹配 |
| 文章编号: | 1009-2552(2007)08-0014-04 |
| 修稿时间: | 2006-12-25 |
Design of intrusion detection system based on the combination of protocol analysis and pattern matching |
| |
| ZHOU Hui-fang,ZHANG Ya-ling,WANG Shang-ping,XIE Ning,MA Hong-liang. Design of intrusion detection system based on the combination of protocol analysis and pattern matching[J]. Information Technology, 2007, 31(8): 14-17,87 |
| |
| Authors: | ZHOU Hui-fang ZHANG Ya-ling WANG Shang-ping XIE Ning MA Hong-liang |
| |
| Abstract: | This article analyzes the virtue and flaw of traditional pattern matching and protocol analysis intrusion detection technique. It designed and implemented a intrusion detection system based on the combination of protocol analysis and pattern matching . In this system, the libpcap function is used to capture the network packet and the MMAP is used to improve efficiency, the improved Tuned BM pattern matching algorithm is used to improve rates, and reduce times of comparing, the design of the system can greatly reduce the computation, improve efficiency of algorithm, and reduce the unnecessary misinformation rates by protocol. |
| |
| Keywords: | IDS MMAP |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
