网络入侵检测系统Snort的安全性分析.pdf

网络入侵检测系统snort的安全性分析 象，分析了网络入侵柃测系统的薄弱环节和可能受到的攻击，并提出 ～些改进措施。在对Snort源代码进行分析的基础上，对Snort的安 全性问题进行了深入的研究。最后，引入厂协议流分析、规则优化等 技术来提高Snort检测效率，并提出一个新的异常误用混合系统方 案，该方案大大提高了Snort的安全性能。 关键字：网络入侵检测、Snort、薄弱环节、协}义流分析、规则优化 网络入侵榆测系统Snort的安全性分析 ofthe ofSnortNetworkIntrusion Analysissecurity Detection System ABSTRACT Asthescienceand are intheeraof technologydevelops，weliving oftheinformation information．HoweveLtakingadvantage technology, wehavetofacethe ofinformationwhichbecomesmore problem security serious． Traditional mechanismisastatic network deployedsecurity strategy．As attackshaveincreasedinnumberand hasnoactive severity,it response IntrusionDetectionwhichis a mechanismis an dynamicsecurity of the and confidentialityintegrity importantcomponentprotecting ofinformationresources availability information Detection canbeclassifiedas By sources，IntrusionSystems Host—BasedIDSs．NIDSs Network-BasedIDSsand analyzepackets backbonesorLAN fromnetwork segments．HIDSsanalyze captured informationsources the an generatedby operatingsystem．Asopen source is usedandstudied． NIDS，Snortwidely Onebasic researchisthat