
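Network Intrusion Detection Technique Based on Finite Automata
Cite this article: 付蕾 (Fu Lei). Network Intrusion Detection Technique Based on Finite Automata [J]. 中国科技博览, 2009(36): 342-342.
Author: 付蕾 (Fu Lei)
Affiliation: Heilongjiang Vocational College of Information Technology (黑龙江信息技术职业学院), Harbin 150080
Abstract: Intrusion detection collects and analyzes information from key nodes of computer networks and computer systems. Because of the widespread use of high-speed and switched networks, the emergence and growth of new attack methods typified by distributed denial-of-service attacks, and the unresolved problems of low efficiency and high false-positive and false-negative rates in existing intrusion detection systems, intrusion detection technology is now at a critical stage of development. Protocol analysis is a key technique in network intrusion detection, but it cannot handle attacks that are spread across multiple packets. To address this problem, this paper proposes a detection technique based on stateful protocol analysis: it constructs a finite automaton (Finite Automata, FA) to constrain the network, uses the language generated by regular expressions to describe the series of normal state transitions, and makes full use of protocol state information to detect intrusions.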

Keywords: intrusion detection; protocol analysis; finite automata

Network Intrusion Detection Technique Based on Finite Automata
Abstract: Intrusion detection gathers and analyzes information from the important nodes of a computer system. Intrusion detection technology is now at a critical stage, given the universal application of high-speed networks, the emergence of new attack methods such as distributed denial-of-service attacks, and the low efficiency and high false-positive rate of today's IDSs. Protocol analysis is an essential technique in network intrusion detection, but it does not address attacks that span many packets. To address this problem, this paper puts forward a network intrusion detection technique based on stateful protocol analysis. The technique sets up a finite automaton (FA) to constrain a network and describes a series of normal state transitions using the language generated by regular expressions. It proposes an intrusion detection technique that takes full advantage of protocol state information to detect intrusions.
Keywords: intrusion detection; protocol analysis; finite automata
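
The approach the abstract describes, sketched as an added example (not code from the paper): per-flow protocol events are mapped to symbols, a regular expression defines the language of normal sessions, and an equivalent finite automaton is stepped one packet at a time. The simplified TCP-like alphabet, the state names and the sample traffic are assumptions made for illustration.

```python
import re

# Assumed alphabet for a simplified TCP-like session (not from the paper):
# S=client SYN, A=server SYN-ACK, K=client ACK, D=data, F=FIN, R=RST
NORMAL = re.compile(r"SAKD*(F|R)")  # regular language of normal sessions

# The same language as an explicit deterministic automaton: state -> {symbol: next}
DFA = {
    "START":       {"S": "SYN_SEEN"},
    "SYN_SEEN":    {"A": "SYNACK_SEEN"},
    "SYNACK_SEEN": {"K": "ESTABLISHED"},
    "ESTABLISHED": {"D": "ESTABLISHED", "F": "CLOSED", "R": "CLOSED"},
    "CLOSED":      {},
}
ACCEPTING = {"CLOSED"}

def session_is_normal(events):
    """Whole-session check: is the event string in the normal language?"""
    return NORMAL.fullmatch(events) is not None

def detect(packets):
    """Feed (flow_id, symbol) packets through one automaton per flow.

    Returns (packet_index, flow_id, state, symbol) alerts, raised at the
    first packet of each flow that has no transition from its current state.
    """
    state, alerts, flagged = {}, [], set()
    for i, (flow, sym) in enumerate(packets):
        if flow in flagged:
            continue  # one alert per flow is enough
        cur = state.get(flow, "START")
        nxt = DFA[cur].get(sym)
        if nxt is None:
            alerts.append((i, flow, cur, sym))
            flagged.add(flow)
        else:
            state[flow] = nxt
    return alerts

# Constructed sample traffic: flow "a" is a normal session; flow "b" sends
# data without completing the handshake. Each packet of "b" is well-formed on
# its own, so only the state carried across packets reveals the anomaly.
SAMPLE = [("a", "S"), ("b", "S"), ("a", "A"), ("b", "D"),
          ("a", "K"), ("a", "D"), ("b", "D"), ("a", "F")]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print("alert: packet %d flow %s in state %s got %r" % alert)
```

The regular expression judges a completed session, while the automaton can raise the alert at the offending packet while the flow is still open.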
This article is indexed in databases including 维普 (VIP) and 万方数据 (Wanfang Data).