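Affiliation: [1] State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, Shaanxi 710071
Source: Journal of Xidian University (《西安电子科技大学学报》), 2007, No. 6, pp. 887-894 (8 pages)
Funding: National Natural Science Foundation of China (90604009); National Science Foundation for Young Scientists (60503010); National "Eleventh Five-Year Plan" Cryptography Development Fund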
Abstract: The Snort system is a lightweight, rule-based network intrusion detection system. In this paper, the principle, the basic structure and the workflow of this system are analyzed. Because the Snort system works in a single thread, a reform scheme based on the multithreading technique is put forward to improve its performance, including a buffer queue between every two function modules and a busy flag in every protocol decoder and chain node. The workflow of the reformed system is then described. Finally, the performance of the reformed system is analyzed theoretically in association with the results of a simulated experiment on a simplified model, which show that the detection efficiency is increased and the rate of missed detection is decreased, but the CPU workload and the memory usage are increased.
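Keywords: network security; Snort; network intrusion detection system; multithreading; Snort workflow
Classification: TP393 [Automation and Computer Technology - Computer Application Technology]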