Abstract
This paper analyzes the strengths and weaknesses of the traditional pattern-matching and protocol-analysis detection methods. Using an intrusion detection technique that combines protocol analysis with pattern matching, it designs and implements a network intrusion detection system. In this system, the Libpcap library is used to capture network packets, and memory mapping (MMAP) is used to improve packet-capture efficiency; an improved Tuned BM pattern-matching algorithm is applied to speed up pattern matching and reduce the number of comparisons. This design reduces the amount of computation, improves the efficiency of the algorithm, and reduces the unnecessary false-positive rate through protocol classification.
Source
《信息技术》 (Information Technology)
2007, No. 8, pp. 14-17, 87 (5 pages in total)
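Funding
National Natural Science Foundation of China (Grant No. 60273089)
Natural Science Research Program of the Shaanxi Provincial Department of Education (Grant No. 06JK231)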