Design of network security intrusion detection and prevention system based on Snort

Cited by: 1


Authors: TIAN Li (田里); YU Xiao (喻潇); WANG Jie (王捷); WANG Jin (王晋) (Electric Power Research Institute, State Grid Hubei Electric Power Co., Ltd., Wuhan 430077, China)

Affiliation: [1] Electric Power Research Institute, State Grid Hubei Electric Power Co., Ltd., Wuhan 430077, Hubei, China

Source: Electronic Design Engineering (《电子设计工程》), 2021, No. 18, pp. 148-151, 156 (5 pages)

Abstract: To address the exposure defects caused by open source code and to maintain the network security environment effectively, a network security intrusion detection and prevention system based on Snort is designed. The packet capture module serves as the initial input for open source code, and it is combined with the information decoding module and the detection preprocessing module to compile and process source code information, completing the hardware execution environment of the detection and prevention system. On this basis, the Snort page mode is set up, the specific intrusion behavior filtering coefficient is calculated while the rule application files are displayed, and the software execution environment of the system is built; combined with the relevant hardware components, this completes the design of the Snort-based network security intrusion detection and prevention system. Comparative experimental results show that, compared with an IDS-type intrusion detection system, after applying the Snort-type detection and prevention system the total amount of exposed information per unit time reaches only 4.1×10^(15) T, and the average exposure cycle of open source code is shortened to 3.56 s, which can effectively solve the network security exposure defects caused by open source code.

Keywords: network security; intrusion detection; prevention system; packet capture; information decoding; Snort page

Classification number: TP311 [Automation and Computer Technology / Computer Software and Theory]

 
