Snort入侵检测系统的规则库的分析和的研究.doc

Snort入侵检测系统的规则库的
分析和研究
院系:
专业班:
姓名:
学号:
指导教师:

2013年5月
Snort入侵检测系统的规则库的
分析和研究
Analysis and Research
in Rule Base of Snort Intrusion Detection System
摘要
随着网络技术的快速发展和网络应用环境的不断普及,网络安全问题日益突出。在传统的加密和防火墙技术已经不能完全满足安全需求的同时,入侵检测技术作为一种全新的安全手段,越来越显示出其重要性。
入侵检测作为一种积极主动的安全防护技术,提供了对内部攻击、外部攻击和误操作的实时保护,对入侵攻击的检测与防范已成为刻不容缓的重要课题。Snort系统是一个典型的网络入侵检测系统,其设计原理和功能实现的研究,是目前多数商用入侵检测系统的研发基石。对Snort系统的研究具有较强的学术意义和较高的商业价值。
本文以Snort系统为研究对象,阐述系统的基本架构,剖析其规则,并探讨了Snort规则的具体应用。首先,本文介绍了入侵检测技术的基本知识,接着描述了Snort系统功能、特点及各模块的工作流程,随后重点对Snort的规则进行了阐述,最后分析了Snort的一些典型规则实例,并就一个实例规则做了改进。
关键词:入侵检测系统 Snort规则规则实例
Abstract
Along with the fast development of work technology and the universal application of work environmental, the safe problem work is increasingly traditional encryption techniques and the Fire wall technique cannot meet the expectations as a safe means, Intrusion Detection techniques has displayed its import role.
Intrusion Detection,as a positive security and defense technology,provides real-time
security aiming at inner attack,outer attack and error es an important
subject for intrusion attack and Snort is a Intrusion Detection System and some of design principle and characteristics of which is the base of most popular mercantile Intrusion Detection System .There are strong academically mercial value to the research of Snort.
In this text,the writer regards Snort as the research object, analyzing its rules, expounding the basic structure of the Snort system, and studying the technique in application of of all, this article describes the basics of the technology of intrusion detection, the Snort system functions, features and workflow for each module, then the focus to the Snort rules set forth, and finally analysis of some typical snort rule instances, analysis and improvement of a rule instance did.
Key words: Intrusion Detection System Snort rules Rule instance
目录
摘要 I
Abstract II
绪论 1
1 入侵检测系统 2
ID