Affiliation: [1] School of Computer and Communication, Hunan University, Changsha, Hunan 410082
Source: Computer Engineering and Design (《计算机工程与设计》), 2005, No. 11, pp. 2884-2886 (3 pages)
Funding: National Natural Science Foundation of China (60273070)
Abstract: The performance of a misuse-based intrusion detection system depends to a large extent on the performance of its detection engine. To keep up with growing network traffic and speed, designing a high-performance intrusion detection engine will become an urgent task. The paper first introduces the working principle of Snort and the classification of detection engines, then analyzes in detail the latest detection engines implemented in Snort2.0 and Snort-ng. Experimental results show that Snort2.0 is better than Snort-ng in both speed and memory consumption. The Snort-ng detection engine opens a new line of thinking for the design of future intrusion detection engines, but it needs continued improvement before it can serve as the detection engine of next-generation Snort.
Keywords: intrusion detection engine; pattern matching; rules; SNORT; decision tree
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]