An intrusion detection system is an important component of a computer network security system. Many laboratories and companies in China and abroad are currently researching and developing intrusion detection systems, and have completed a number of prototype systems and commercial products. Snort is an open-source intrusion detection system developed abroad. This article systematically analyzes the composition of Snort rules, describes the meaning of each part in detail, and summarizes the differences between versions. This is of great help for research on intrusion detection systems and for building one's own attack signature database.