Abstract
To address the slow rule matching of expert-system-based intrusion detection systems, which cannot keep up with high-bandwidth networks, a graphical model is proposed. A classification tree is used to build the rule analysis machine model. The order in which nodes are selected is determined by the role each attribute plays in the attack description, and during the search a tree traversal algorithm replaces the string comparison used with production rules. This effectively reduces attribute matching time in misuse detection systems and meets real-time requirements.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journals (北大核心)
2004, Issue 5, pp. 129-130, 149 (3 pages)
Keywords
Network security
Intrusion detection
Classification tree
Pattern matching