IDS匹配规则的动态调整方法的改进研究
Research on Improvement of Dynamic Adjust of Rule Matching in IDS
基于规则匹配的检测是入侵检测系统通常使用的一种检测方法,当入侵检测系统面对大量规则数据库时,提高有效规则的匹配速度有利于改进入侵检测系统的性能。鉴于在一段时间内,网络攻击行为种类比较集中,提高对集中攻击的检测速度能较好的改进入侵检测系统的效率。本文提出了一种动态调整匹配规则方法,增加匹配选项索引,通过对匹配规则的上升度对规则进行动态调整,提高数据包的检测速度,提升系统检测效率。
etection based on Rule matching is a method that intrusion detection systems usually use, it is effective to improve the performance of IDS by increasing the detection speed of effective rule matching, when IDS face large number of rules. For a period of time, the type of network attacks are relatively concentrated, to increase detection rate of concentrated attacks can better improve the efficiency of intrusion detection system. A dynamic adjust rule matching method is put forward in this paper, by add rule match index, dynamic adjust rules by calculate their upward trend, improve data packet detecting speed and system’s detecting efficiency.
彭霄
计算技术、计算机技术
NIDS规则匹配动态调整
NIDSRule Matchingynamic adjustment
彭霄.IDS匹配规则的动态调整方法的改进研究[EB/OL].(2009-10-07)[2025-08-16].http://www.paper.edu.cn/releasepaper/content/200910-39.点此复制
评论