| 网络入侵检测规则的冲突检测和解决 |
| |
| 引用本文: | 孙美凤,龚俭.网络入侵检测规则的冲突检测和解决[J].东南大学学报(自然科学版),2006,36(4):522-525. |
| |
| 作者姓名: | 孙美凤 龚俭 |
| |
| 作者单位: | 1. 东南大学计算机科学与工程学院,南京,210096;扬州大学信息工程学院,扬州,225000
2. 扬州大学信息工程学院,扬州,225000 |
| |
| 基金项目: | 科技部科研项目,江苏省重点实验室基金 |
| |
| 摘 要: | 为了解决入侵检测系统中当前输入事件同时匹配入侵规则库中多条规则(检测冲突)从而导致漏报和误报的问题,利用形式化方法研究了冲突的类型和判定标准,给出了冲突检测和解决的算法.对Snort规则库分析的结果表明:提出的冲突判定标准正确有效,且冲突在规则库中实际存在并以交叉冲突为主.因此依靠专家经验建立的规则库不可避免地存在语义矛盾,对规则库进行冲突检测和冲突解决有助于提高入侵检测系统的有效性.
|
| 关 键 词: | 冲突检测 冲突解决 规则 入侵检测系统 |
| 文章编号: | 1001-0505(2006)04-0522-04 |
| 收稿时间: | 03 29 2006 12:00AM |
| 修稿时间: | 2006-03-29 |
Detecting and resolving conflict for network intrusion rule |
| |
| Sun Meifeng,Gong Jian.Detecting and resolving conflict for network intrusion rule[J].Journal of Southeast University(Natural Science Edition),2006,36(4):522-525. |
| |
| Authors: | Sun Meifeng Gong Jian |
| |
| Institution: | 1.School of Computer Science and Engineering, Southeast University, Nanjing 210096, China;2.College of Information Engineering, Yangzhou University, Yangzhou 225000, China |
| |
| Abstract: | For resolving the conflict which occurs when input event matches more than one rule of intrusion rule base in IDS(intrusion detection system),potentially creating ambiguity in alarm and moreover leading to false positive and false negative,the type of conflict and a set of principles to determine the relationship of two intrusion rules are defined formally,and then two algorithms to detect and resolve conflict are proposed.The analysis of snort rule base implies that the conflict exists in rule base and the principle to determine the relationship of two intrusion rules is correct.So there exists the ambiguity of rule's semantics inevitably when the rule base is build by human expert,detecting conflict and resolving conflict automatically favors the effectiveness of IDS. |
| |
| Keywords: | conflict detection conflict resolution rule intrusion detection system |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
