Abstract
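Because conflicts are one manifestation of an incorrect rule base and can lead to false negatives and false positives, this work studies conflicts in the Snort rule base. It first discusses, in general terms, the types of conflict and algorithms for detecting them, then presents the results of checking the Snort rule base, and finally analyzes the causes of the conflicts and possible solutions.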
An input event that matches more than one intrusion rule in an IDS is considered a conflict; such conflicts can result in false positives and false negatives, and moreover reduce detection efficiency. This paper discusses the kinds of conflict and proposes an algorithm to detect them, gives the results of checking the Snort rules, and finally analyzes the possible reasons for and solutions to the conflicts.
Source
《扬州大学学报(自然科学版)》
CAS
CSCD
2006, Issue 2, pp. 53-56 (4 pages in total)
Journal of Yangzhou University: Natural Science Edition
Funding
Supported by the National Natural Science Foundation of China (Grant No. 90104031)