Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | 林惠君 | en_US |
| dc.contributor.author | Sophia Lin | en_US |
| dc.contributor.author | 羅濟群 | en_US |
| dc.contributor.author | Dr. Chi-Chun Lo | en_US |
| dc.date.accessioned | 2014-12-12T02:30:34Z | - |
| dc.date.available | 2014-12-12T02:30:34Z | - |
| dc.date.issued | 2002 | en_US |
| dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#NT910396025 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/70297 | - |
| dc.description.abstract | Although a rule-based NIDS has the key advantage of high detection accuracy, its packet inspection performance is a major bottleneck. With the arrival of the high-speed network era, an NIDS must be able to inspect packets quickly, so that suspicious packets do not get a chance to slip through when it faces a flood of attack packets. The most time-consuming step in packet inspection is string matching, so the first priority in speeding up packet matching is to speed up string matching. This thesis takes the well-known open-source IDS SNORT as its reference and uses its architecture as the baseline, applying the concept of cluster analysis on top of a hierarchical matching architecture to classify and match strings. Two different cluster analysis methods are used: one groups strings by Longest Common Consecutive Substring, and the other experiment groups them by Longest Common Subsequence. Finally, the clustering results are combined with the original signature rules, and the resulting groups are used to narrow the range of packet matching, making the IDS packet matching process more efficient. | zh_TW |
| dc.description.abstract | A rule-based Network Intrusion Detection System (NIDS) has a critical advantage in high detection accuracy; however, its packet filtering performance is a major bottleneck and a vulnerable point on high-speed LANs. Many papers assert that string matching is the performance bottleneck in the packet filtering procedure. Therefore, to improve the efficiency of an NIDS, we need to speed up string matching. This paper is based on the architecture of SNORT, the most famous and widely adopted open source IDS, and presents a new method that modifies the string matching procedure of the original architecture. In our new method, we choose two different string matching algorithms to construct the pattern rule groups. One algorithm is Longest Common Consecutive Substring, and the other is Longest Common Subsequence. After clustering the pattern rules, we obtain the rule groups and apply them to the original pattern rules. Finally, we examine the performance of the modified architecture and find that the performance of the IDS is clearly improved, because fewer groups need to be examined in the string matching function. | en_US |
| dc.language.iso | zh_TW | en_US |
| dc.subject | Intrusion detection | zh_TW |
| dc.subject | Signature matching | zh_TW |
| dc.subject | String matching | zh_TW |
| dc.subject | Clustering | zh_TW |
| dc.subject | Longest common consecutive substring | zh_TW |
| dc.subject | Longest consecutive common subsequence | zh_TW |
| dc.subject | Intrusion detection | en_US |
| dc.subject | pattern matching | en_US |
| dc.subject | string matching | en_US |
| dc.subject | cluster | en_US |
| dc.subject | Longest common consecutive substring | en_US |
| dc.subject | Longest common subsequence | en_US |
| dc.title | A Study on Improving the Packet Matching Performance of Rule-Based Intrusion Detection Systems | zh_TW |
| dc.title | Improving the Efficiency of Packet Filtering in A Rule-Based Intrusion Detection System | en_US |
| dc.type | Thesis | en_US |
| dc.contributor.department | Institute of Information Management | zh_TW |
Appears in Collections: Thesis