Abstract
Although intrusion detection (IDS) technology has been under development for more than twenty years, it is still not mature overall, and many problems have not been well solved. For example, the high rates of false positives and false negatives and the low detection speed have become the bottleneck of current IDS development. This paper proposes a solution to these two problems: applying scanning technology to the IDS. By making full use of the scanning results, it compacts the IDS rule base to improve the matching speed, and it validates the alarms raised by the IDS to bring down the rates of false negatives and false positives.
Source
Journal of Harbin University of Science and Technology (《哈尔滨理工大学学报》)
CAS
PKU Core (北大核心)
2009, Issue 1, pp. 55-59 (5 pages)
Funding
National Special Research Project for Social Public Welfare (2005DIB2J218)
Keywords
intrusion detection
network security scanner
the rate of false positives