Abstract
Based on an analysis of the shortcomings of IDSs built on protocol analysis, this paper introduces regular expressions and proposes a protocol analysis technique based on regular-expression matching. The corresponding implementation algorithm is given, and experiments were carried out while building an actual IDS rule base. The experimental results show that regular expressions mitigate the weaknesses of misuse detection, namely its reliance on a single form of detection signature and its inability to detect new attacks, and extend the ability to detect variant attacks, thereby greatly improving detection efficiency.
Source
《计算机应用与软件》
CSCD
Peking University Core Journal
2008, Issue 3, pp. 89-90, 107 (3 pages)
Computer Applications and Software
Funding
Jiangsu Provincial Department of Information Industry, Special Fund for Software and Integrated Circuits (2005196)
Keywords
Intrusion detection system (IDS)
Protocol analysis
Regular expression