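Multi-Pattern Matching Algorithms and Their Application in Intrusion Detection Systems
Published: 2018-05-12 21:26
Topics: intrusion detection + multi-pattern matching; Source: Zhejiang University of Technology, 2014 master's thesis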
[Abstract]: Every industry depends more and more on the network, and network security problems are becoming increasingly serious. Intrusion detection is a dynamic security protection technique that actively identifies the characteristics of intrusion behavior in the network and makes up for the shortcomings of traditional network security. Intrusion detection provides technical support for network security and is an important part of a network security assurance system.
This thesis introduces the technologies related to intrusion detection systems, analyzes Snort, a typical network intrusion detection system, in detail, and describes Snort's structure, working modes and rules. It briefly introduces the application of multi-pattern matching algorithms in intrusion detection, and gives a detailed explanation and comparison of two classic multi-pattern matching algorithms, the AC algorithm and the WM algorithm. However, with the development of network technology and the growing complexity of intrusion detection rule sets, advanced regular expression engines have gradually replaced these traditional string matching engines. Regular expression matching includes DFA (deterministic finite automaton) matching and NFA (non-deterministic finite automaton) matching. Because deterministic finite automata are better suited to network applications, research generally focuses on DFA-based multi-pattern regular expression matching algorithms. Although a DFA is faster than an NFA, large rule sets and excessive space consumption during matching seriously degrade DFA performance.
To address these shortcomings of the DFA, a rule preprocessing step is added: the rules to be compiled are analyzed, and identical or similar rules are placed in the same group, which reduces the total number of DFAs generated and the time needed to construct them. Through this analysis of the rules, the total number of DFA states for the system's rules is reduced as far as possible, so that the system occupies as little memory as possible and the DFAs are constructed as quickly as possible. This yields a considerable improvement in the system's rule matching speed and in reducing memory usage.
[Degree-granting institution]: Zhejiang University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08