Abstract
The construction of the rule base is one of the core parts of an intrusion detection system. A study of the mainstream intrusion signature rule bases found that their feature description files are rather complicated, poorly readable, and lack depth of protocol support, so they cannot meet the need to match content features as protocols become increasingly diverse. Against this background, a JavaScript Object Notation (JSON) based design method for computer network intrusion monitoring rules is proposed. Network data are structured by protocol, so that targeted detection can be performed on each protocol field. The design has a clear structure, high readability, and easy extensibility, and it also meets the diversity requirements of different application protocols. Rules were designed and implemented for different samples and data verification tests were carried out; the results basically meet the design requirements. In the context of application diversification, the high readability and easy extensibility of the structure design are becoming more and more important, and the improved rule design can offer other developers a feasible idea and method.
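As an added illustration, not code from the paper (whose exact rule schema is not reproduced here), the matcher below loads rules from an assumed JSON layout, one protocol and a list of per-field conditions per rule, and evaluates them against constructed protocol-structured records; the rule ids, field names, operators and sample addresses are all assumptions.

```python
import json
import re
# Constructed rule file in an assumed JSON layout (not the paper's own schema).
RULES_JSON = r"""
[
  {"id": "R001", "protocol": "http", "description": "Directory traversal in URI",
   "match": [{"field": "uri", "op": "regex", "value": "(\\.\\./){2,}"}]},
  {"id": "R002", "protocol": "http", "description": "Write method on admin path",
   "match": [{"field": "method", "op": "in", "value": ["PUT", "DELETE"]},
             {"field": "uri", "op": "prefix", "value": "/admin/"}]},
  {"id": "R003", "protocol": "modbus", "description": "Coil write from outside engineering subnet",
   "match": [{"field": "function_code", "op": "eq", "value": 5},
             {"field": "src_ip", "op": "not_prefix", "value": "10.1.1."}]}
]
"""

OPS = {  # field operators; a new protocol or field needs a new rule, not new code
    "eq": lambda actual, want: actual == want,
    "in": lambda actual, want: actual in want,
    "prefix": lambda actual, want: str(actual).startswith(want),
    "not_prefix": lambda actual, want: not str(actual).startswith(want),
    "regex": lambda actual, want: re.search(want, str(actual)) is not None,
}

def load_rules(text):
    # Parse the JSON rule file and reject unknown operators before any traffic is seen.
    rules = json.loads(text)
    for rule in rules:
        for cond in rule["match"]:
            if cond["op"] not in OPS:
                raise ValueError(f"rule {rule['id']}: unknown op {cond['op']!r}")
    return rules
def match_rule(rule, record):
    """Fire only if the protocol matches and every field condition holds; an absent field never matches."""
    if record.get("protocol") != rule["protocol"]:
        return False
    return all(cond["field"] in record
               and OPS[cond["op"]](record[cond["field"]], cond["value"])
               for cond in rule["match"])
def evaluate(rules, records):
    # Return (record index, rule id) for every rule that fires on the protocol-structured records.
    return [(i, rule["id"]) for i, rec in enumerate(records)
            for rule in rules if match_rule(rule, rec)]

SAMPLE_RECORDS = [  # constructed protocol-structured records standing in for parsed traffic
    {"protocol": "http", "src_ip": "192.0.2.10", "method": "GET", "uri": "/index.html"},
    {"protocol": "http", "src_ip": "192.0.2.11", "method": "GET", "uri": "/../../../etc/passwd"},
    {"protocol": "http", "src_ip": "192.0.2.12", "method": "DELETE", "uri": "/admin/users/7"},
    {"protocol": "modbus", "src_ip": "10.1.1.5", "function_code": 5, "unit_id": 1},
    {"protocol": "modbus", "src_ip": "192.0.2.13", "function_code": 5, "unit_id": 1},
]
```

Because every condition names a parsed protocol field rather than a byte offset or raw pattern, a reader can tell from the JSON alone which field of which protocol a rule inspects.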
Authors
贾宝林 (JIA Baolin); 连栋 (LIAN Dong). Shanghai Institute of Process Automation & Instrumentation Co., Ltd., Shanghai 200233, China
Source
Process Automation Instrumentation (《自动化仪表》)
CAS
2022, No. 8, pp. 107-111, 117 (6 pages)
Funding
Supported by the Shanghai Industrial Internet Innovation and Development Special Fund (project 2020-GYHLW-01034).
Keywords
Intrusion detection
Intrusion detection system (IDS)
JavaScript Object Notation (JSON)
Application layer protocol
Rule design
Data matching
Software architecture
System design