| SNORT规则匹配算法改进 |
| |
| 引用本文: | 王猛,王小双.SNORT规则匹配算法改进[J].浙江海洋学院学报(自然科学版),2007,26(2):215-218. |
| |
| 作者姓名: | 王猛 王小双 |
| |
| 作者单位: | 1. 华中科技大学计算机学院,湖北武汉,430074;浙江海洋学院图书馆,浙江舟山,316004
2. 浙江海洋学院数理与信息学院,浙江舟山,316004 |
| |
| 摘 要: | 检测引擎作为入侵检测系统(IDS)的核心模块,基本上采用基于模式匹配的检测方法,选择设计1个好的模式匹配算法对入侵检测系统的性能至关重要。对SNORT的原有规则匹配算法bm进行改进,在改进规则匹配算法中,将具有相同前缀的规则生成1棵规则树,在规则匹配的过程中将数据包内容和规则树进行匹配,在匹配时,可以和多个规则同时进行,大大减少了在规则匹配中花费的时间,从而提高了SNORT的性能。改进后的系统和原来系统进行了几种测试,通过测试改进后的系统比原来的系统速度明显提高。在流量大的情况,丢包情况也减少了。
|
| 关 键 词: | 检测引擎 模式匹配 入侵检测 算法 |
| 文章编号: | 1008-830X(2007)02-0215-04 |
| 收稿时间: | 2007-01-20 |
| 修稿时间: | 2007-01-20 |
Master and Application of Snort Tools for Intrusion Detection |
| |
| WANG Meng,WANG Xiao-shuang.Master and Application of Snort Tools for Intrusion Detection[J].Journal of Zhejiang Ocean University(Natural Science Edition),2007,26(2):215-218. |
| |
| Authors: | WANG Meng WANG Xiao-shuang |
| |
| Abstract: | As the core module of invasion detection system,detection engine generally uses the methods based on pattern matching.When improving the rule matching algorithm,a rule tree was built from the rules which have the same prefix.In matching these rules,the content of data package and rules tree can be matched with many other rules simultaneously so as to reduce the time and improve the function of SNORT.The comparison of the original system with the improved one showed that the speed of the latter is faster than the former,and when the current is large,the loss of package can be reduced obviously. |
| |
| Keywords: | detection engine pattern matching invasion detection algorithm |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
