A Payload-adapt Intrusion Detection Method

XIAO Wei1,2, FANG Zhiyi1, WANG Wei3, YANG Hongjun1

  1. College of Computer Science and Technology, Jilin University, Changchun 130012, China
  2. Department of Basic Training of Flight Training Base, Airforce Aviation University, Changchun 130022, China
  3. School of Computer Science, Northeast Normal University, Changchun 130024, China
  • Received: 2008-01-02 Revised: 1900-01-01 Online: 2008-07-26 Published: 2008-07-26
  • Contact: FANG Zhiyi

Abstract: To address the constantly changing network environment and the uneven classification of rules, we propose an efficient detection method that considers the characteristics of both the rules and the payload. The method dynamically generates a rule-matching tree adapted to the payload features, and we implemented it on Snort. Experimental results show that the method not only solves the problem of the high packet loss rate of network intrusion detection systems (NIDS), but also greatly reduces the rule set that must be checked for each packet or event, thereby improving detection efficiency.

Key words: intrusion detection, payload, rule, network intrusion detection system

CLC number: TP309