| 一种基于正则表达式匹配的协议分析异常检测方法 |
| |
| 引用本文: | 陆虎,宋余庆,薛万宇,徐景.一种基于正则表达式匹配的协议分析异常检测方法[J].计算机应用与软件,2008,25(3):89-90,107. |
| |
| 作者姓名: | 陆虎 宋余庆 薛万宇 徐景 |
| |
| 作者单位: | 1. 江苏大学计算机与通信工程学院,江苏,镇江,212013
2. 南京理工大学计算机系,江苏,南京,210094 |
| |
| 基金项目: | 江苏省信息产业厅软件和集成电路专项经费项目 |
| |
| 摘 要: | 在分析了基于协议分析技术的IDS不足的基础上,引入了正则表达式的技术,提出了基于正则表达式匹配的协议分析技术,给出了相应实现算法,并在实际构建IDS规则库时进行了试验,通过实验结果表明,运用正则表达式改善了误用检测中检测特征单一、无法检测新攻击的缺陷,扩展了检测变种攻击的能力,从而大大提高了检测的效率.
|
| 关 键 词: | 入侵检测系统 协议分析 正则表达式 |
| 收稿时间: | 2006-03-20 |
| 修稿时间: | 2006年3月20日 |
NEW APPROACH TO INTRUSION DETECTION IN PROTOCOL ANALYSIS BASED ON REGULAR EXPRESSION |
| |
| Lu Hu,Song Yuqing,Xue Wanyu,Xu Jing.NEW APPROACH TO INTRUSION DETECTION IN PROTOCOL ANALYSIS BASED ON REGULAR EXPRESSION[J].Computer Applications and Software,2008,25(3):89-90,107. |
| |
| Authors: | Lu Hu Song Yuqing Xue Wanyu Xu Jing |
| |
| Affiliation: | Lu Hu1 Song Yuqing1 Xue Wanyu1 Xu Jing21(School of Computer Science , Telecommunications Engineering,Jiangsu University,Zhenjiang 212013,Jiangsu,China)2(Department of Computer,Nanjing University of Science , Technology,Nanjing 210094,China) |
| |
| Abstract: | On the basis of the analysis of the shortages of IDS based on protocol analysis, the regular expression is imported into IDS. A protocol analysis technology based on regular expression is put forward, and the corresponding algorithms and the experiments for the construc- tion of rule databases are presented. Experiments indicate that the defections of misuse detection are improved. The ability of variant attack detection is strengthened, and the efficiency of detection is enhanced. |
| |
| Keywords: | Intrusion detection system(IDS) Protocol analysis Regular expression |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
