基于r-连续位匹配规则的入侵检测研究

检测器匹配规则和匹配概率是入侵检测系统中构建检测器集和检测器进行有效检测的重要依据。Hofmeyr曾经提出一个基于r-连续位匹配规则的匹配概率分布公式,这个公式在构建检测系统时被广泛使用,但这个公式存在误差。因此提出一个更准确的基于该匹配规则的匹配概率分布公式将对入侵检测系统性能的改进有重要意义。从对这个匹配公式中两个参数r和l的取值范围分析可以得出影响入侵检测系统性能的某些因素。一个实现快速r-连续位匹配的算法的提出,解决了系统进行匹配运算时的时间开销问题。

Intrusion Detection Research Based on r-contiguous Bits Match Rule

A more exact/correct probability expression is bright,which calculates the probability for a match between two randomly chosen strings based on the r-contiguous bits match rule.The probability is an important constituent of much work on an Intrusion Detection System(IDS).With a coefficient matrix Aij presented,the exact probability expression modifies an error in Hofmeryr's probability expression using the match rule,which is quoted widely in the IDS.According to the expression,the values of two parameters,r and l,will affect directly the match probability,and also be effective for modeling the receptor of detector set.So it is important to analyse the region of the parameters.Finally the speed of r-contiguous bits match rule algorithm will be presented.This is necessary because the r-contiguous match function is called once for each detector which is to test for recognition of each and every agent(connection)the program monitors.