Abstract
To address the high false-negative and false-positive rates that performance limits cause in IDS on high-speed networks, this paper proposes the concepts of analytic intensity, analysis matching rate, and dynamic rule set, and builds a model of the dynamic rule set mechanism. The model adjusts the size and distribution of the rule set dynamically and in real time according to network traffic and event feedback, improving the overall performance of the IDS. The key techniques of the implementation are also introduced.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal (北大核心)
2003, Issue 34, pp. 139-141, 164 (4 pages)
Funding
National Key Basic Research Development Program project (No. G1999035806)
Keywords
Dynamic rule set
Analytic intensity
Analysis matching rate
Event correlation (relevancy event)