Abstract
Pattern matching is adopted in intrusion detection because of its low false-alarm and missed-alarm rates. When a DFA is constructed from regular expressions, state explosion makes the matching algorithm need more storage space and running time, so the algorithm is inefficient. Rule grouping can restrain the state explosion problem to a certain extent. Grouping the regular expressions according to the history records in the cache not only uses rule grouping to reduce the total number of states and suppress state explosion, but also reduces the overhead of reconstructing the DFA each time. This improves matching efficiency and helps to improve the real-time performance, accuracy and efficiency of intrusion detection.
Author
ZHU Jun (School of Computer and Information, Hefei University of Technology, Hefei 230009, China; Anhui Technical College of Water Resources and Hydroelectric Power, Hefei 231603, China)
Source
Journal of Hunan Institute of Engineering (Natural Science Edition)
2021, No. 2, pp. 49-53 (5 pages)
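Funding
Key Natural Science Research Project of Anhui Higher Education Institutions (KJ2017A599, KJ2018A0944)
Anhui Higher Education Institutions Outstanding Top Talent Cultivation Project (gxgnfx2019133)
Anhui Higher Education Institutions Quality Engineering Project (2018mooc305, 2019cxtd059).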
Keywords
intrusion detection system
pattern matching
regular expression
deterministic finite automata