网络入侵检测系统NIDS的Snort工具的研究

随着互联网的迅速普及,其安全技术的重要性已经日益突出,IDS(IntrusionDetectionSystem)是网络安全技术的重要组成部分之一。NIDS是基于审计的IDS,通过被动地分析网络的流通信息包括数据包的报头和数据信息以达到检测网络异常行为的发生。Snort是一个基于libpcap的数据包嗅探器并可以作为一个轻量级的网络入侵检测系统(NIDS)。本论文通过介绍NIDS中Snort工具的检测规则、功能结构、程序结构以及与其它NIDS工具的比较,讨论了Snort的不足之处,并对其的改进提出了一些建议性的思路,以期能在进一步的研究中起到抛砖引玉的作用。

A Discussion on Snort:the Tool of NIDS

With the rapid spread of internet among the people,the importance of the technology for network safety is becoming increasingly obvious.IDS(Instrusion Detection System) is just an important part of it,Based on the auditing IDS,NIDS can detect the abnormal happenings on internet by analyzing the information current,in a passive way,including the masthead of Data Pack and the data imformation.Snort,a Data Pack Detector based on libpcap,can be regarded as a lighter NIDS.This paper illustrates Snort(one of the tools of NIDS),including the detecting regulations,the structures of its functions and programs,and the comparison with other tools of NIDS.It aims at discussing the deficiencies of Snort and making a few suggestions to improve it so that others may come up with valuble opinions in the further researches.