| 基于动态Cache策略优化Snort检测引擎性能研究 |
| |
| 引用本文: | 张雪松.基于动态Cache策略优化Snort检测引擎性能研究[J].计算机应用与软件,2008,25(3):260-262. |
| |
| 作者姓名: | 张雪松 |
| |
| 作者单位: | 大连交通大学软件学院,辽宁,大连,116052 |
| |
| 摘 要: | 提出了一种动态Cache策略,将最近一段时间内经常用到的少量规则结点指针存储在一个Cache块中.当攻击密度上升到一定阈值时,在Snort检测引擎中动态加载Cache块,接下来捕获的每一个数据包都首先和Cache块中存储的指针所指向的规则结点进行匹配.当网络攻击密度降低到一定阈值时,在Snort检测引擎中动态卸载Cache块,避免攻击密度较低时二次匹配带来的额外开销.实验表明,动态Cache策略可以提高Snort检测引擎在高强度攻击下的检测效率,降低漏报率.
|
| 关 键 词: | 入侵检测 规则匹配 高速缓存 |
| 收稿时间: | 2007-04-05 |
| 修稿时间: | 2007年4月5日 |
RESEARCH ON PERFORMANCE OPTIMIZATION OF SNORT DETECTION ENGINE BASED ON DYNAMIC CACHE STRATEGY |
| |
| Zhang Xuesong.RESEARCH ON PERFORMANCE OPTIMIZATION OF SNORT DETECTION ENGINE BASED ON DYNAMIC CACHE STRATEGY[J].Computer Applications and Software,2008,25(3):260-262. |
| |
| Authors: | Zhang Xuesong |
| |
| Affiliation: | Zhang Xuesong(Institute of Software,Dalian Jiaotong University,Dalian 116052,Liaoning,China) |
| |
| Abstract: | A dynamic Cache strategy is put forward, in which the recent frequently used rule node pointers are stored in a Cache block. When the density of intrusion attack is enhanced to some point, the Cache is dynamically loaded in Snort detection engine, and each packet captured is firstly matched with the rule node in Cache block. When the density of intrusion attack is degraded to some point, the Cache block is unloaded from Snort detection engine dynamically, so that the extra cost caused by twice rule matching is avoided. The experiments show that the dynamic Cache strategy can improve the detection efficiency under high attack density and degrade the rate of missing alert. |
| |
| Keywords: | Intrusion detection Rule matching Cache |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
