协议分析在入侵检测中的应用研究

Application Study of Protocol Analysis in Intrusion Detection

模式匹配是入侵检测系统中常用的方法,其优点就是分析速度快、误报率小。但是随着网络高速发展,传统的模式匹配方法已不能满足网络安全的发展需要。在分析模式匹配技术和协议分析技术的基础上,提出了协议分析技术和模式匹配方法相结合的网络入侵监测系统的协议分析模型。

The pattern matching is a common method used in intrusion detection system the has the advantage of rapid analyzing speed and low ratio of wrong records. However, as the high development of the Intemet, the traditional approach of pattern matching can not satisfy the requirement of development for Intemet .security. Based on the analysis of technology of protocol analyzing and pat- tern matching technology, this article raises an analyzing mode for the data of intrusion detection systems through combining the technolngy of protocol analyzing and pattern matching analyzing.