网络入侵检测系统整体设计分析

A Design Analysis on NIDS

随着网络信息量的迅猛增长,网络攻击方式的不断翻新,网络入侵检测系统经过了由集中式处理到分布式处理、由简单软件结构到通用功能模块设计的变化过程。文中对入侵检测系统的功能模块进行了详细研究,重点设计分析了NIDS中重要的模块:HTTP协议流分析器和检测引擎部分,给出了设计中考虑到的部分增强性能。因模块具有的灵活结构,所以该设计提供了很好的模块复用性和扩展性。

With exponential increment of network information, constant variation of intrusion methods,intrusion detection system has been experienced the following evolution:from central process to distributed detection, from simple software architecture to common function module. From this perspective,presents a research on function module of NIDS,and a new HTTP protocol flow analyzer and detection engine of NIDS that has been emphasized to use are analyzed. Finally the partial enhanced performance are analyzed. Based on the module designing method, so the design analysis afford a highly reusable and expandable of module.