Abstract
Intrusion detection is an important means of security protection, but traditional intrusion detection systems cannot meet practical needs in high-speed network environments because their false-positive and false-negative rates are too high. This paper analyzes the limitations of intrusion detection systems based on pattern matching, proposes a detection model that combines protocol analysis with pattern matching, and finally discusses a method for reducing the rule base (signature library) of an intrusion detection system. These methods improve detection accuracy and efficiency, enabling intrusion detection systems to adapt to high-speed network environments.
Source
《计算机技术与发展》 (Computer Technology and Development)
2007, Issue 2, pp. 239-241, 244 (4 pages in total)
Keywords
intrusion detection system
pattern matching
protocol analysis
signature library