Fast rule matching in network security systems
Abstract: With network attacks increasing, security systems of all kinds are widely deployed, and their key and core component is rule matching. Accelerating rule matching improves system performance and lets these systems cope with higher-speed networks and stricter environments. Two main existing rule-matching algorithms are introduced and analysed: the Boolean expression tree and the directed acyclic control flow graph (CFG). A fast rule-matching algorithm is then proposed. The algorithm first applies an equivalent transformation to the directed acyclic control flow graph, then performs probabilistic optimization and improvement on that basis. By adjusting the internal logical representation structure of the rules, it markedly improves both the speed of structure transformation and the speed of computation. Comparative testing shows that the algorithm effectively shortens matching time and improves system performance.
Source: Computer Engineering and Design (《计算机工程与设计》), CSCD, Peking University Core Journal, 2007, No. 6, pp. 1269-1272 (4 pages)
Funding: National 863 High-Tech Research and Development Program of China (2003AA144050)
Keywords: rule match; Boolean expression tree; directed acyclic control flow graph; linear structure; disjunctive normal form