| 基于协议分析的入侵检测规则智能匹配 |
| |
| 引用本文: | 于志宏,赵阔,胡亮. 基于协议分析的入侵检测规则智能匹配[J]. 长春邮电学院学报, 2008, 0(2): 156-162 |
| |
| 作者姓名: | 于志宏 赵阔 胡亮 |
| |
| 作者单位: | 吉林大学计算机科学与技术学院,吉林长春130012 |
| |
| 基金项目: | 基金项目:国家自然科学基金资助项目(60473099);教育部新世纪优秀人才支持计划基金资助项目(NCET-06-0300). |
| |
| 摘 要: | 针对传统模式匹配检测技术存在的计算量大、检测率低误、报警率高等问题,提出了一种基于协议分析的智能匹配检测方法。该检测方法充分利用TCWIP(Transmission Control Protocol/Intemet Protocol)技术的高度规则性检测攻击的存在,明显减少了匹配检测的计算量。设计并实现了基于动态分析的自动排序规则库。实验结果表明,该智能匹配方案能使模式匹配的时间缩短20%,从而提高了入侵检测的效率。
|
| 关 键 词: | 协议分析 模式匹配 入侵检测 |
Intelligent Matching for Intrusion Detection Rules Based on Protocol Analysis |
| |
| YU Zhi-hong,ZHAO Kuo,HU Liang. Intelligent Matching for Intrusion Detection Rules Based on Protocol Analysis[J]. Journal of Changchun Post and Telecommunication Institute, 2008, 0(2): 156-162 |
| |
| Authors: | YU Zhi-hong ZHAO Kuo HU Liang |
| |
| Affiliation: | ( College of Computer Science and Technology, Jilin University, Changchun 130012, China) |
| |
| Abstract: | Because there are some problems for traditional pattern matching detection technique such as high strength computations, low detection rates and high false alarm rates an intelligent matching for intrusion detection rules based on protocol analysis is proposed. And this technique aims at detecting attacks by the means of high regularity of TCP/IP (Transmission Control Protocol/Internet Protocol) , which results in obvious decrease of computational quantities of rules matching. The design and implementation of auto sorting rules base based on dynamic analysis are also presented. Experimental results show that our proposals can shorten about 20% the time of pattern matching and improve the efficiency of intrusion detection. |
| |
| Keywords: | protocol analysis pattern matching intrusion detection |
| 本文献已被 维普 等数据库收录! |
