Deploying a network-based intrusion detection system (NIDS) does not add load to the hosts on the network. It listens in promiscuous mode, analyzes and compares the data packets on the network segment, and monitors and responds in real time. Snort is open source, compact, highly extensible, and strongly cross-platform. Starting from Snort's working modes and the generation of its detection rule base, this article surveys the structure of its source code and the characteristics of its core data structures.