Snort Rule Set Structure Method Based on Frequency
Cite this article: ZHOU Yu, TAN Xiao-bin, HE Xian-zong, XI Hong-sheng. Snort Rule Set Structure Method Based on Frequency[J]. Computer Engineering, 2010, 36(12): 156-158.
Authors: ZHOU Yu, TAN Xiao-bin, HE Xian-zong, XI Hong-sheng
Affiliation: School of Information Science and Technology, University of Science and Technology of China, Hefei 230027
Funding: National "863" Program of China (2006AA01Z449)
Abstract: To improve the rule-matching efficiency of the Snort intrusion detection system, a frequency-based method for constructing the Snort rule set is proposed. Snort matches network packets against its rule set to detect intrusions. The method computes the frequency of each option in a sample of packets and, when building the rule tree, matches the lowest-frequency options first, which reduces the number of matching operations and improves system efficiency. Experimental results show that, compared with the Snort2 method, this method combined with parameter-set matching achieves higher matching efficiency.

Keywords: Snort system; intrusion detection; frequency; rule matching

This article is indexed in databases including VIP and Wanfang Data.
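The "lowest frequency first" principle from the abstract can be seen in a simplified model. The following is an added example, not code from the paper: it uses a flat list of rules rather than Snort's rule tree, and the packets, rules and function names are all constructed for illustration.

```python
# Added illustration (not the paper's code): a flat-list model of
# "lowest frequency first" option ordering. All data below is constructed.
SAMPLE_PACKETS = [
    {"proto": "tcp", "dport": 80, "flags": "PA"},
    {"proto": "tcp", "dport": 80, "flags": "A"},
    {"proto": "tcp", "dport": 443, "flags": "PA"},
    {"proto": "tcp", "dport": 80, "flags": "S"},
    {"proto": "udp", "dport": 53},
    {"proto": "tcp", "dport": 22, "flags": "PA"},
    {"proto": "tcp", "dport": 80, "flags": "PA"},
    {"proto": "tcp", "dport": 23, "flags": "S"},
    {"proto": "tcp", "dport": 443, "flags": "A"},
    {"proto": "udp", "dport": 53},
]
# Each hypothetical rule is a conjunction of (option, value) equality tests.
RULES = {
    "telnet-syn": [("proto", "tcp"), ("dport", 23), ("flags", "S")],
    "ssh-data": [("proto", "tcp"), ("dport", 22), ("flags", "PA")],
    "dns-udp": [("proto", "udp"), ("dport", 53)],
}

def option_frequencies(packets, rules):
    """Fraction of sample packets that satisfy each test used by any rule."""
    tests = {t for conds in rules.values() for t in conds}
    return {(o, v): sum(p.get(o) == v for p in packets) / len(packets)
            for o, v in tests}

def match(packet, conds):
    """Run tests in order, stopping at the first failure.
    Returns (matched, number_of_comparisons)."""
    for n, (opt, val) in enumerate(conds, start=1):
        if packet.get(opt) != val:
            return False, n
    return True, len(conds)

def total_comparisons(packets, rules):
    return sum(match(p, c)[1] for p in packets for c in rules.values())

def alerts(packets, rules):
    """Set of (packet index, rule name) pairs that fire."""
    return {(i, name) for i, p in enumerate(packets)
            for name, c in rules.items() if match(p, c)[0]}

def low_frequency_first(rules, freq):
    """Reorder each rule's tests so the rarest option is checked first."""
    return {name: sorted(c, key=lambda t: freq[t]) for name, c in rules.items()}

if __name__ == "__main__":
    freq = option_frequencies(SAMPLE_PACKETS, RULES)
    tuned = low_frequency_first(RULES, freq)
    print(total_comparisons(SAMPLE_PACKETS, RULES),
          total_comparisons(SAMPLE_PACKETS, tuned))
```

Reordering the tests of a conjunction never changes which rules fire, so `alerts` returns the same set before and after. The saving in comparisons depends on the sample frequencies reflecting the traffic actually seen.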