排序方式: 共有95条查询结果,搜索用时 0 毫秒
11.
针对新一代网络入侵检测系统(NIDS)的创建需要先进的模式匹配引擎,提出一种模式匹配的新方案,利用基于硬件的可编程状态机技术(B-FSM)来实现确定性处理过程。该技术可以在一个输入流中同时获取大量模式,并高效地映射成转换规则。通过对网络入侵检测系统中普遍采用的规则集(Snort)进行实验,实验结果表明该方法具有存储高效、执行速度快、动态可更新等特点,可以满足NIDS的需要。 相似文献
12.
Snort报文嗅探和报文解析实现的剖析 总被引:2,自引:0,他引:2
Snort是目前最受关注的一个代码开放网络入侵检测系统(NIDS)。报文嗅探是其最基本也是最重要的部分。该文分析了Snort报文嗅探器的工作方式和工作过程,对Snort报文嗅探和报文解析的实现进行了分析。 相似文献
13.
14.
基于反馈信息加速Snort规则匹配的研究与实现 总被引:2,自引:0,他引:2
实验表明某一类型的网络攻击事件在相对集中的时间内相对活跃,此外都相对沉寂。对于基于特征的开源入侵检测系统Snort来说,如何提高速度以适应高速网络的发展是关键。文中对Snort的规则匹配算法及其多种改进算法进行比较分析,提出了一种利用反馈攻击入侵频度及老化因子的新算法,在消除入侵频度记录历史影响的基础上,实时的更新规则匹配顺序,从而提高规则的匹配速度。 相似文献
15.
ABSTRACTIntrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threat both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network. 相似文献
16.
17.
翁广安 《计算机工程与应用》2014,(12):96-99,119
为解决目前网络负载异常入侵检测领域缺乏有效、针对性的测试数据集的问题,提出一种基于虚拟关键字的构造模拟网络数据集的方法。并用它对基于字节频度分布的异常检测模型进行了测试分析。实验结果表明,模拟数据集提供了一种负载内容异常程度可控的测试数据集;检测阈值和网络环境的数据特性包括数据包尺寸分布情况、异常和正常访问相对于训练数据的偏离程度等有关。单包频度分布模型相比连接模型对负载数据异常程度的变动有更好的灵敏度。 相似文献
18.
Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been studied in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. This study can be easily kept up to date due to the methodology used. 相似文献
19.
在高速网络环境下,数据流的高速化使得网络入侵检测系统往往会出现严重的漏报率,针对此性能瓶颈,提出了一种基于预测的并行入侵检测系统的负载均衡方案。该方案主动测量各探测器的负载为预测依据,采用混沌时间序列的全域预测法为预测手段,利用预测的负载值为负载均衡的根据。通过仿真实验,证明了该方案的可行性及有效性,它能有效地均衡负载、减少系统的丢包率。 相似文献
20.
Snort是一个功能强大的轻量级的NIDS,它能够检测出各种不同的攻击方式,并能对攻击进行实时警报。然而,Snort对DHCP Flood攻击的检测存在着明显的缺陷。在入侵检测系统Snort的基础上,通过设计预处理插件,实现了对DHCP Flood攻击的检测。 相似文献