Abstract
Traditional network intrusion feature detection methods have low detection accuracy. To address this, a distributed intrusion detection system based on Libnids was designed and implemented. The system partitions the multi-network environment into distinct logical areas; each logical area contains several analysis nodes, and each node consists of a data probing unit, an analysis and detection unit, and a management control unit. In the implementation, the WinPcap function library is used to capture packets; the captured packets are then checked for differentiated intrusion features by a detection model that combines the WM pattern matching algorithm with protocol analysis. Experimental results show that the system achieves a high detection rate together with low false alarm and missed detection rates.
Authors
ZHOU Xiaosong (周小松)
LIU Shuai (刘帅)
Affiliations: College of Computer Technology & Software Engineering, Wuhan Polytechnic, Wuhan 430074, China; College of Computer Science, Inner Mongolia University, Hohhot 010010, China
Source
Modern Electronics Technique (《现代电子技术》), a Peking University core journal
2017, No. 10, pp. 149-152 (4 pages)
Funding
National Natural Science Foundation of China, Young Scientists Fund (61502254)
Keywords
multi-network
differentiated intrusion feature
WinPcap function library
detection platform