| 基于协议分析的入侵检测方法的改进 |
| |
| 引用本文: | 王新生,卢军从,吴继东.基于协议分析的入侵检测方法的改进[J].燕山大学学报,2006,30(4):317-321. |
| |
| 作者姓名: | 王新生 卢军从 吴继东 |
| |
| 作者单位: | 1. 燕山大学,信息科学与工程学院,河北,秦皇岛,066004
2. 黑龙江省特种设备检验研究所,黑龙江,哈尔滨,150040 |
| |
| 摘 要: | 自协议分析方法引入入侵检测系统以来,就与模式匹配方法相结合,以其简单、高效得到了广泛的应用与发展。Snort系统是目前最常用的基于协议分析的入侵检测系统,目前多数入侵检测产品是将Snort系统进行简单加工改造而成的。Snort系统是完全由规则驱动的,只是对网络接口数据进行生硬的模式匹配。近年来,国内外也提出了一些协议分析方法的改进,但都局限于基于误用的检测方法效率的提高。本文总结了现在基于协议分析的入侵检测方法的理论成果,提出了一种有机结合了误用和异常检测方法的基于协议分析的入侵检测系统模型。这一模型结合了协议确认、协议分析和模式匹配三种检测技术,综合协议分析方法的先进技术方法,并利用协议确认方法对原有单一规则驱动的方法做出有利补充。
|
| 关 键 词: | 入侵检测 协议分析 协议确认 模式匹配 |
| 文章编号: | 1007-791X(2006)04-0317-05 |
| 修稿时间: | 2005年3月1日 |
Improvement of intrusion detection technique based on protocol analyzing |
| |
| WANG Xin-sheng,LU Jun-cong,WU Ji-dong.Improvement of intrusion detection technique based on protocol analyzing[J].Journal of Yanshan University,2006,30(4):317-321. |
| |
| Authors: | WANG Xin-sheng LU Jun-cong WU Ji-dong |
| |
| Abstract: | Since the technique of Protocol Analyzing was integrated into Intrusion Detection System (IDS) with Expression Matching technique, it has been widely used and developed for its simple and efficiency. Snort system is most popular of the Intrusion System based on Protocol Analyzing now.And many IDS procucts are come out of Snort system.Snort system is absolutely drived by rules, and it just matching the data with the rules. In the last few years, the technique of protocol analyzing was improved, however, it is still limited in Expression Matching. In this paper, the methods of protocol analyzing is summarized, and an intrusion detection model based on protocol analyzing and protocol verification is proposed. The technology of protocol verification, protocol analyzing and expression matching was integrated into the model. It made up the shortcomings of expression Matching and tradi- tional technique of protocol analyzing. |
| |
| Keywords: | IDS |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
