Abstract
To address the limited adaptability of the intrusion detection knowledge bases currently used on UNIX systems, this paper proposes a knowledge base architecture that adapts to different system environments. Detection rules are stored in modular form according to the corresponding system and service type and are loaded through application configuration files. This makes the intrusion detection knowledge base extensible, improves its generality, and can raise the search efficiency for detection rules.
Because present IDS knowledge bases for UNIX lack flexibility, we present an adaptive knowledge base architecture. The detection rules are stored in modules and loaded through configuration files. The architecture makes the knowledge base extensible, enlarges its application areas and, moreover, improves the efficiency of searching for the matching detection rules.
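The following is an added illustration of the architecture the abstract describes, not code from the paper: rule modules are keyed by (system, service), a configuration file selects which modules a host loads, and a lookup only scans the rules of the event's own service. The rule modules, JSON configuration format and log lines are all constructed for this example.

```python
import json
import re
from collections import defaultdict

# Constructed rule modules, one per (system, service); each rule is a name and a regex.
RULE_MODULES = {
    ("linux", "sshd"): [
        ("SSH_AUTH_FAIL", r"Failed password for \S+ from \d+\.\d+\.\d+\.\d+"),
        ("SSH_INVALID_USER", r"Invalid user \S+ from \d+\.\d+\.\d+\.\d+"),
    ],
    ("linux", "sudo"): [("SUDO_NOT_ALLOWED", r"user NOT in sudoers")],
    ("solaris", "ftpd"): [("FTP_LOGIN_FAIL", r"FTP LOGIN FAILED FROM")],
}

# Constructed configuration file: the operator names the host's system and services.
CONFIG_JSON = '{"system": "linux", "services": ["sshd", "sudo"]}'


class KnowledgeBase:
    """Loads only the rule modules the configuration asks for, indexed by service."""

    def __init__(self, config_text):
        cfg = json.loads(config_text)
        self.rules = defaultdict(list)
        for service in cfg["services"]:
            module = RULE_MODULES.get((cfg["system"], service))
            if module is None:  # refuse to start with a silently empty module
                raise KeyError(f"no rule module for {cfg['system']}/{service}")
            self.rules[service] = [(n, re.compile(p)) for n, p in module]

    def match(self, service, line):
        """Names of rules that fire; only the service's own module is scanned."""
        return [n for n, rx in self.rules.get(service, []) if rx.search(line)]


# Constructed log events as (service, line) pairs.
SAMPLE_LOG = [
    ("sshd", "Failed password for root from 10.0.0.5 port 4242 ssh2"),
    ("sshd", "Accepted publickey for alice from 10.0.0.7 port 5000 ssh2"),
    ("sudo", "bob : user NOT in sudoers ; TTY=pts/0 ; COMMAND=/bin/sh"),
    ("ftpd", "FTP LOGIN FAILED FROM 10.0.0.9"),  # ftpd module not loaded here
]


def scan(kb, log):
    """Return (service, fired rule names) for every event that matched a rule."""
    alerts = []
    for service, line in log:
        hits = kb.match(service, line)
        if hits:
            alerts.append((service, hits))
    return alerts
```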
Source
Network Security Technology & Application (《网络安全技术与应用》)
2003, No. 11, pp. 27-29 (3 pages)