Computer and Modernization (计算机与现代化) ›› 2012, Vol. 198 ›› Issue (2): 165-167. doi: 10.3969/j.issn.1006-2475.2012.02.044

• Information Security •

Design and Realization of Dynamic Rule Sets of Snort Based on Threshold of Statistics

REN Bing-zhong (任丙忠)¹, KONG Wen-huan (孔文焕)²

  1. Department of Electrical Engineering and Information, Shandong University of Science and Technology, Ji’nan 250031, China
  2. Ji’nan Vocational College of Foreign Language, Ji’nan 250021, China
  • Received: 2011-10-18 Revised: 1900-01-01 Online: 2012-02-24 Published: 2012-02-24

Abstract: Snort is an open-source intrusion detection system that detects network intrusion events using a defined set of static rules. This paper analyzes the basic principles and model of intrusion detection systems, describes how to configure Snort's static rule sets when it is deployed on a network, and presents a method for generating dynamic rule sets based on a statistical traffic threshold and an alert-frequency threshold, which improves the flexibility of Snort deployments.

Key words: intrusion detection system (IDS), rule set, dynamic configuration, Snort
