| 网络入侵检测系统预先决策检测引擎研究 |
| |
| 引用本文: | 龙小飞,冯雁,王瑞杰. 网络入侵检测系统预先决策检测引擎研究[J]. 浙江大学学报(工学版), 2006, 40(10): 1701-1704 |
| |
| 作者姓名: | 龙小飞 冯雁 王瑞杰 |
| |
| 作者单位: | 龙小飞,冯雁,王瑞杰(浙江大学 计算机科学与技术学院,浙江 杭州 310027) |
| |
| 摘 要: | 为了减少基于特征的网络入侵检测系统产生的虚警数量并提高其检测效率,提出了一种采用预先决策检测引擎的方法,该方法把受监控网段内的主机软件信息作为预先决策检测引擎的决策依据,在模式匹配之前进行预先决策,过滤掉不需要匹配的入侵规则,使得单个数据包平均模式匹配次数尽可能少,从而降低虚警数量并改善检测性能.实验结果表明,该方法在不增加网络入侵检测系统漏报率的前提下,能够减少虚警数量,并改善系统的检测效率.
|
| 关 键 词: | font-family: 宋体" >基于特征 font-family: 宋体" >网络入侵检测系统 font-family: 宋体" >预先决策 font-family: 宋体" >检测引擎 |
| 文章编号: | 1008-973X(2006)10-1701-04 |
| 收稿时间: | 2005-06-25 |
| 修稿时间: | 2005-06-25 |
Pre-decision detection engine for signature-based network intrusion detection system |
| |
| LONG Xiao-fei,FENG Yan,WANG Rui-jie. Pre-decision detection engine for signature-based network intrusion detection system[J]. Journal of Zhejiang University(Engineering Science), 2006, 40(10): 1701-1704 |
| |
| Authors: | LONG Xiao-fei FENG Yan WANG Rui-jie |
| |
| Affiliation: | College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China |
| |
| Abstract: | A pre-decision detection engine to mitigate false positives generated by signature-based network intrusion detection system and improve the performance of processing packets was proposed.By utilizing hosts'software information on monitored network,predecision detection engine makes a decision before pattern match to filter out unnecessary rules,which minimizes average pattern-match times for each packet,and reduces false positives and improves performance as a result.Experimental results showed that pre-decision detection engine can decrease false positives and improve the performance of processing packets,without increasing the false negative rate. |
| |
| Keywords: | signature-based network intrusion detection system pre-decision detection engine |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《浙江大学学报(工学版)》浏览原始摘要信息 |
|
点击此处可从《浙江大学学报(工学版)》下载全文 |
