串匹配型入侵检测系统的改进

Improvement of content-based intrusion detection system

针对当前串匹配型入侵检测系统普遍面临的误报率漏报率高、自身的性能难以适应快速增长的网络流量需求等问题,本文以提高检测的速度和准确率为目的对串匹配型入侵检测系统进行分析,从串匹配算法、规则库结构等方面对其进行改进,并提出了具体的方案。

Current based-contentintrusion detection systems (IDS) are confronted with some problems. Inaddition to highfalse positive ratio and high false negative ratio, its own performance is difficult to adapt to the need of increasing network traffic. To improve the speed and accuracy of the detection, this paper analyzes the content-based IDS firstly, and secondly presents the im- proving schemes from string matching algorithms and the structure of signature library.