| 一种适应负载特征的入侵检测方法 |
| |
| 引用本文: | 肖玮,房至一,王玮,杨宏军.一种适应负载特征的入侵检测方法[J].吉林大学学报(理学版),2008,46(4):725-728. |
| |
| 作者姓名: | 肖玮 房至一 王玮 杨宏军 |
| |
| 作者单位: | 1. 吉林大学 计算机科学与技术学院, 长春 130012; 2. 空军航空大学 飞行基础训练基地基础部, 长春 130022;3. 东北师范大学 计算机学院, 长春 130024 |
| |
| 基金项目: | 科技部科技攻关项目基金 |
| |
| 摘 要: | 针对网络环境不断变化和规则分类的不均匀问题, 提出一种既考虑规则特点又考虑负载特征的高效检测方法, 该方法能动态生成适应负载特征的规则匹配树, 并在Snort上实现. 实验结果表明, 该方法不仅可解决网络入侵检测系统(NIDS)丢包率高的问题, 而且
能极大减少每个包或事件要检测的规则集, 从而提高了检测效率.
|
| 关 键 词: | 入侵检测 负载特征 规则 网络入侵检测系统 |
| 收稿时间: | 2008-01-02 |
A Payload-adapt Intrusion Detection Method |
| |
| XIAO Wei,FANG Zhi-yi,WANG Wei,YANG Hong-jun.A Payload-adapt Intrusion Detection Method[J].Journal of Jilin University: Sci Ed,2008,46(4):725-728. |
| |
| Authors: | XIAO Wei FANG Zhi-yi WANG Wei YANG Hong-jun |
| |
| Institution: | 1. College of Computer Science and Technology, Jilin University, Changchun 130012, China;2. Department of Basic Training of Flat Training Base, Airforce Aviation University, Changchun 130022, China;3. School of Computer Science, Northeast Normal University, Changchun 130024, China |
| |
| Abstract: | According to the network environment constant change and rule classification asymmetry, we developed a high efficient detection method, considering the characteristics of both rules and loads. The method could dynamically generate a rule-matching tree, which adapted the payload features. Then we implemented it over Snort. The experiment results show that using the method, we can not only solve the problem of Network Intrusion System’s high packet loss rates, but also greatly reduce the rule set of each packet or event needs detection. Thus, the detection efficiency will be improved. |
| |
| Keywords: | intrusion detection payload rule network intrusion detection system |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《吉林大学学报(理学版)》浏览原始摘要信息 |
| 点击此处可从《吉林大学学报(理学版)》下载免费的PDF全文 |
|
