| Snort的高效规则匹配算法 |
| |
| 引用本文: | 谷晓钢,江荣安,赵铭伟.Snort的高效规则匹配算法[J].计算机工程,2006,32(18):155-156. |
| |
| 作者姓名: | 谷晓钢 江荣安 赵铭伟 |
| |
| 作者单位: | 大连理工大学电信学院计算机系,大连,116023 |
| |
| 摘 要: | 对入侵检测系统Snort的规则匹配算法进行了系统的分析,为了进一步提高Snort的规则匹配效率,提出了在匹配过程中,对于条件匹配处理函数应用参数链表驱动的方法。从而避免重复调用处理函数,充分利用参数之间的关系,并能动态地减少无效规则的匹配。通过两个实验来评估此方法的效率,结果表明改进方案较明显地提高了Snort的检测性能。
|
| 关 键 词: | 基于网络的入侵检测系统 规则匹配 参数驱动 |
| 文章编号: | 1000-3428(2006)18-0155-02 |
| 收稿时间: | 2005-12-06 |
| 修稿时间: | 2005-12-06 |
Efficient Rule-matching Algorithms on Snort |
| |
| GU Xiaogang,JIANG Rongan,ZHAO Mingwei.Efficient Rule-matching Algorithms on Snort[J].Computer Engineering,2006,32(18):155-156. |
| |
| Authors: | GU Xiaogang JIANG Rongan ZHAO Mingwei |
| |
| Affiliation: | Department of Computer, School of Electronic Information Engineering, Dalian University of Technology, Dalian 116023 |
| |
| Abstract: | This paper systematically analyzes the rule matching algorithm of Snort, an open source-code NIDS. In order to increase effectively the rule matching speed, an approach of parameter-list-driven is proposed for the conditional checking subroutine during rule matching. The means can avoid repeatedly invoking the checking subroutines, can utilize relationship between parameters, and can significantly reduce invalid rules in the running time. Finally, two experiments are done for evaluating the efficiency of it. The result shows the approach can greatly improve the detecting performance of Snort. |
| |
| Keywords: | NIDS Rule matching Parameter-driven |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
