摘要
对于入侵检测系统来说,选择好的入侵检测方法有利于提高检测效率,传统的入侵检测系统由于计算量大、漏报率和误报率高,已经不适应于当前网络系统的需求。协议分析是网络入侵检测中的一种关键技术,基于这种思想,介绍了协议分析的内容、过程、入侵特征的提取及协议分析在入侵检测中的应用,主要实现了对IP数据包内容分析,同时提出了一种与传统模式匹配算法相结合的可行入侵检测模型。经分析,该检测模型比传统的检测模型有着明显的优势。
To intrusion detection system, it makes improving efficiency of intrusion detection by choosing better method of intrusion detection, traditional intrusion detection system because of large amount of calculation, the high rate of omissions and misstatements has not already adapted to the needs of the current network system. Protocol analysis is a kind of key technology for network intrusion detection. The paper which based on that idea will introduce content, process of protocol analysis, extraction of intrusion feature and application in intrusion detection, mainly implement IP packet analysis, and point out a feasible intrusion detection model which connect with pattern matching algorithm. Compared with other model, the model has obvious advantage by analysing.
出处
《计算机技术与发展》
2008年第11期146-148,155,共4页
Computer Technology and Development
基金
教育部春辉计划科研项目(20567)
关键词
入侵检测
协议分析
模型
intrusion detection
protocol analysis
model
