Abstract
Most traditional network intrusion detection systems rely on pattern matching for detection and suffer from very high false negative (missed detection) and false positive (false alarm) rates. By describing the detection process of the pattern matching algorithm, this paper analyzes why it produces false negatives and false positives. To address the high false negative and false positive rates caused by pattern matching, the paper introduces protocol analysis. Protocol analysis identifies the protocol type of each data packet and then applies the corresponding data analysis routine to inspect it. This method can greatly reduce the false negative and false positive rates, and it greatly improves the efficiency of the intrusion detection system.
Source
《微计算机信息》
PKU Core Journal
2006, Issue 01X, pp. 36-38, 18 (4 pages in total)
Control & Automation