Applied Research on Snort Based Intrusion Detection System over Campus Network

【Author】 Li Weijun

【Advisor】 Shi Weifeng

【Author information】 Northwest University, Computer Software and Theory, 2009, Master's thesis

【Abstract】 In recent years, network security has become a serious problem. Intrusion detection is a dynamic defense technology, distinct from the firewall, and is the most important network security safeguard to follow firewall technology. Research on intrusion detection therefore has considerable theoretical significance and practical value.

This thesis first analyzes intrusion detection methods and the unified CIDF model, then the working principle and pattern-matching algorithm of the well-known open-source network intrusion detection system Snort. It also studies the rule list and the fast rule list on which the fast rule-matching engine relies.

Snort is a powerful, lightweight network intrusion detection system. It performs real-time traffic analysis and logs IP network packets, carries out protocol analysis and content searching/matching, detects many different kinds of attack, and raises alerts in real time. Snort is also highly extensible and portable, so it suits a wide range of network environments.

Building on this discussion of how Snort works, the thesis proposes improvements that address the shortcomings of the Snort intrusion detection system. Rule optimization is used to build an efficient rule set and so increase rule-matching speed, and the pattern-matching algorithm is improved to reduce the time spent on pattern matching. With the rule optimization model applied, the improved detection matching engine is faster than the original one.

Finally, the thesis designs a campus network intrusion detection system based on the open-source Snort. In the final tests and in actual use, the system achieved the expected results and objectives.

【Key words】 Intrusion detection (IDS); Snort; Rule optimization; BM algorithm
  • 【Online publication contributor】 Northwest University
  • 【Online publication year and issue】 2011, Issue S1