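Research and Implementation of a Snort-Based Rule Matching Algorithm
Published: 2018-03-19 17:05
Topic: intrusion detection. Focus: Snort. Source: Jiangxi University of Science and Technology, 2014 master's thesis. Document type: degree thesis.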
[Abstract]: With the rapid development of computer networks, people's lives are undergoing profound changes, and computer networks have become a very important part of everyday life. Network security, however, has always been a focus of research and attention; from the state down to the individual, everyone understands its importance.

As one of the representative network security technologies, the intrusion detection system (IDS) has long been a focus of research by experts and scholars. As a young branch of the discipline, the models, principles, functions and classification of intrusion detection systems all merit study. Intrusion detection technology is emerging from traditional network security technologies to become a mainstream network security technology.

Snort is a lightweight, open-source intrusion detection system; analyzing its working principle, detection process and rule syntax is necessary for learning the Snort system. This thesis also analyzes the entire Snort process, from packet capture, the packet decoder, the preprocessors, rule parsing and the detection engine through to response and output.

The thesis focuses on the pattern matching algorithms used by the Snort detection engine. It analyzes the BM, BMH and BMHS algorithms and points out their strengths and weaknesses, as well as the ideas behind BM and its improved variants. On this basis, considering three aspects and using a double-character sequence detection method, it proposes an improved BM algorithm 1. Then, extending the ideas of the BMH and BMHS algorithms, it proposes another improved BM algorithm 2.

Building on the study and analysis of the Snort system, a Snort intrusion detection system for the Windows platform is designed that can display intrusion detection analysis results graphically. Finally, the improved algorithms are applied to the Snort system; experimental verification and comparative analysis show that the improved algorithms are more efficient than the BM algorithm and its improved variants. The algorithm improvements are successful and are helpful to the future development of the Snort system.
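[Degree-granting institution]: Jiangxi University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08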
Article ID: 1635188
Article link: http://sikaile.net/guanlilunwen/ydhl/1635188.html