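Abstract
Snort is a well-known open-source intrusion detection system that, after several years of development, has become stable and efficient. Based on an analysis of Snort and its rules, this paper describes how Snort organizes its rules and the flow of its rule matching. On that basis, it implements functions for updating and adding rules, so that users can flexibly define new intrusion detection rules, which improves the extensibility of the Snort system and its ability to guard against intrusion attacks.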
Snort is a well-known open source intrusion detection system; after several years of development, it has become a stable and efficient IDS. This paper mainly analyzes the basic structure of Snort and its rules, and introduces the organizational structure of the rules and the rule matching process of Snort. Based on this, the update and addition of new rules are implemented, which lets users define their own new intrusion detection rules flexibly. This work can raise the scalability of the Snort system and enhance its ability to protect against network attacks.
Source
《计算机安全》
2009, Issue 9, pp. 45-48 (4 pages in total)
Network & Computer Security