
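Research and Implementation of a Rule Matching Algorithm Based on Snort

Published: 2018-03-19 17:05

  Topic: intrusion detection  Focus: Snort  Source: Jiangxi University of Science and Technology, 2014 master's thesis  Document type: degree thesis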


[Abstract]: With the rapid development of computer networks, people's lives are undergoing profound change, and computer networks have become a very important part of daily life. Network security, however, has always been a focus of research and concern; from the state down to the individual, everyone understands its importance.

As one of the representative network security technologies, the intrusion detection system (IDS) has long been a focus of research by experts and scholars. Intrusion detection is a young branch of the discipline, and the models, principles, functions and classification of intrusion detection systems are all worth studying. Intrusion detection is emerging from among the traditional network security technologies to become a mainstream network security technology.

Snort is a lightweight, open-source intrusion detection system. Analyzing its working principle, detection process and rule syntax is necessary for learning the Snort system. This thesis also analyzes the whole Snort pipeline: packet capture, the packet decoder, the preprocessors, rule parsing and the detection engine, and response and output.

The thesis focuses on the pattern matching algorithms used by the Snort detection engine. It analyzes the BM, BMH and BMHS algorithms, points out their advantages and shortcomings, and sets out the ideas behind BM and its improved variants. On this basis, working from three aspects and using a two-character sequence detection method, it proposes an improved BM algorithm (improved algorithm 1). It then extends the ideas of the BMH and BMHS algorithms to propose another improved BM algorithm (improved algorithm 2).

Building on the study and analysis of the Snort system, the thesis designs a Snort intrusion detection system for the Windows platform that displays intrusion detection analysis results graphically. Finally, the improved algorithms are applied to the Snort system; experimental verification and comparative analysis show that they are more efficient than the BM algorithm and its improved variants. The improvement of the algorithm is successful and is helpful to the future development of the Snort system.
[Degree-granting institution]: Jiangxi University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08

