«上一篇/Previous Article|本期目录/Table of Contents|下一篇/Next Article»

ISSN.1000-5013.2016.02.0168]
点击复制

改进Boyer匹配算法在Snort入侵检测中的应用()

分享到：

《华侨大学学报（自然科学版）》[ISSN:1000-5013/CN:35-1079/N]

卷:: 第37卷
期数:: 2016年第2期

页码:: 168-170

栏目:

出版日期:: 2016-03-20

文章信息/Info

Title:: Application of Improved Boyer Matching Algorithmin Snort Intrusion Detection

文章编号:: 1000-5013(2016)02-0168-03

作者:: 马小雨¹; 刘双红²; 1. 河南工程学院计算机学院, 河南郑州 451191;2. 郑州航空工业管理学院计算机科学与应用系, 河南郑州 450046

Author(s):: MA Xiaoyu¹; LIU Shuanghong; 1. School of Science, Henan University of Engineering, Zhengzhou 451191, China; 2. Department of Computer Science and Application, Zhengzhou University of Aeronautics, Zhengzhou 450046, China

关键词:: 网络安全; 入侵检测; Snort系统; Boyer算法

Keywords:: network security; intrusion detection; Snort system; Boyer algorithm

分类号:: TP393.08

DOI:: 10.11830/ISSN.1000-5013.2016.02.0168

文献标志码:: A

摘要:: 以Snort入侵检测系统为研究对象,探讨其规则匹配环节的适用算法,并在Boyer算法的基础上设计一种改进方法.此方法首先设计了一个统计数组,然后以两个相邻字符为组合执行匹配,并分为3种策略判断如何确定最大移动长度.实验结果表明:这种改进措施,使得最大移动长度更加合理,相比于Boyer方法,改进方法的字符比较次数明显降低,窗口移动次数明显降低,执行时间明显减少.

Abstract:: In this paper, the application of Snort intrusion detection system is studied. An improved method based on Boyer algorithm is designed. This method first designs a statistical array, then executes the matching with two adjacent characters, and divides into three strategies to determine the maximum movement length. Experimental results show this improvement makes the maximum movement length more reasonable. Compared with the Boyer method, the proposed method is significantly lower than the number of characters method, the number of windows mobile number is significantly reduced, the execution time is significantly reduced.

参考文献/References:

[1] SRIDHAR M,VAIDYA S,YAWAKJAR P.Intrusion detection using keystroke dynamics and fuzzy logic membership functions[C]//Proceedings International Conference on Technologies for Sustainable Development.Switzerland:Bridges Press,2015,27(4):444-458.
[2] 李杰.基于Snort的入侵检测系统规则解析及改进研究[J].电子技术与软件工程,2014,19(8):240.
[3] PARVAT T J,CHANDRA P.Performance improvement of deep packet inspection for intrusion detection[C]//Proceedings 2014 IEEE Global Conference on Wireless Computing and Networking.[S.l.]:IEEE Press,2014:224-228.
[4] PASTRANA S,TAPIADOR J E,ORFILA A.Defidnet: A framework for optimal allocation of cyberdefenses in intrusion detection networks[J].Computer Networks,2015,80:66-88.
[5] 谭笑,柯泽贤.基于混合高斯和帧间差分的机场安全入侵检测[J].计算机仿真,2014,31(11):38-41.
[6] 陈柏生,吴可沾,杨育辉.互联网用户安全登陆平台设计[J].华侨大学学报(自然科学版),2011,32(6):638-640.
[7] 储泽楠,李世扬.基于节点生长马氏距离K均值和HMM的网络入侵检测方法设计[J].计算机测量与控制,2014,22(10):3406-3409.
[8] MACDERMOTT A,SHI Q,KIFAYAT K.Collaborative intrusion detection in a federated cloud environment using the Dempster Shafer theory of evidence[C]//European Conference on Information Warfare and Security.[S.l.]:Earlybird Press,2015,195-203.
[9] PAN Zhiwen,HARIRI S,AI-NASHIF Y.Anomaly based intrusion detection for building automation and control networks[C]//Proceedings of IEEE/ACS International Conference on Computer Systems and Applications.Morocco:EasyChair Press,2015:72-77.
[10] 袁其帅,刘云朋.基于人工免疫原理的网络入侵检测系统的应用与研究[J].科技通报,2014,30(11):131-135.
[11] 钱勤,张减,张坤,等.用于入侵检测及取证的冗余数据删减技术研究[J].计算机科学,2014,41(11):252-258.

相似文献/References:

[1]吴金龙,吕吉实.利用JAVA编程实现网络安全通信[J].华侨大学学报(自然科学版),1999,20(3):312.[doi:10.11830/ISSN.1000-5013.1999.03.0312]
　Wu Jinlong.Realizing Network Safety Communication by Applying JAVA Programming[J].Journal of Huaqiao University(Natural Science),1999,20(2):312.[doi:10.11830/ISSN.1000-5013.1999.03.0312]
[2]喻小光,陈维斌,潘孝铭.一种基于SOCKS5的Web安全代理技术[J].华侨大学学报(自然科学版),2007,28(3):268.[doi:10.3969/j.issn.1000-5013.2007.03.012]
　YU Xiao-guang,CHEN Wei-bin,PAN Xiao-ming.The Research on the Technique of Web Security Proxy Based on SOCKS 5[J].Journal of Huaqiao University(Natural Science),2007,28(2):268.[doi:10.3969/j.issn.1000-5013.2007.03.012]

备注/Memo

备注/Memo:: 收稿日期: 2015-12-22
通信作者: 马小雨(1978-),男,讲师,博士研究生,主要从事计算机网络与安全的研究.E-mail:2622810975@qq.com.
基金项目: 河南省科技厅科研项目(102102310261)

常用功能

工具/Tools

统计/Statistics

摘要浏览/Viewed1771
全文下载/Downloads545
评论/Comments

更新日期/Last Update: 2016-03-20