入侵检测系统——Snort的剖析与研究

Dissecting and Researching of Intrusion Detection System Snort

入侵检测系统(IDS)是信息安全体系结构的重要组成部分。本文简要介绍了入侵检测系统的概念及分类,并从系统结构,工作原理,功能特点等方面分析了Snort这个优秀的轻量级的开源网络入侵检测系统。文中在探讨这些的同时,也着重研究了它的规则描述语言,最后给出了对它的评价。

Intrusion detection system (IDS) is the key component of the architecture of information security. This paper presents a brief introduction to the development and taxonomy of IDS. Snort that is an excellent lightweight open source network-based intrusion detection system is analyzed from architecture, work principle and the char- acteristic of function. And the paper also gives a stress on the analysis of the Snort rules. Finally, an evaluation and conclusion are given.