
Conflict Checking for the Snort Rule Base (cited by: 2)

Checking conflict for Snort intrusion rule
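Abstract: Conflicts are one manifestation of an incorrect rule base and can lead to false negatives and false positives, so this paper studies conflicts in the Snort rule base. It first discusses, in general terms, the types of conflict and algorithms for detecting them, then gives the results of checking the Snort rule base, and finally analyzes the causes of the conflicts and possible solutions.

The fact that an input event matches more than one intrusion rule in an IDS is considered a conflict; a conflict potentially results in false positives and false negatives, and moreover reduces detection efficiency. This paper discusses the kinds of conflict and proposes an algorithm to detect them, gives the checking results for the Snort rules, and finally analyzes the possible reasons for and solutions to the conflicts.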
Authors: 孙美凤 (Sun Meifeng), 龚俭 (Gong Jian)
Source: Journal of Yangzhou University: Natural Science Edition (《扬州大学学报(自然科学版)》), CAS, CSCD, 2006, No. 2, pp. 53-56 (4 pages)
Funding: National Natural Science Foundation of China project (90104031)
Keywords: conflict; Snort rule; intrusion detection system

共引文献30

同被引文献3

引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部