
Research on Dynamic Rule Sets for Distributed Intrusion Detection Systems

Distributed Intrusion Detection System Based on Dynamic Rule Set
Abstract: Network traffic keeps growing, and intrusion methods are becoming more numerous and more covert, which poses a considerable challenge for network intrusion detection. This paper proposes a distributed intrusion detection strategy based on rule priority, in which higher-priority rules are matched first. A rule's priority is determined mainly by the number of times the rule is matched within a given time period. Under this strategy, when network traffic is too heavy for the NIDS analysis host to bear the load, low-priority rules are left unmatched so that the size of the rule set is adjusted dynamically. This relieves the processing pressure on the NIDS and improves its performance.

Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core Journal, 2009, Issue 8, pp. 1621-1624 (4 pages)

Funding: Supported by the National High Technology Research and Development Program of China ("863" Program), grant 2006AA09Z139

Keywords: high-speed network; priority; dynamic rule set; honeypot technology; protocol-based traffic splitting; intrusion detection