Abstract
Intrusion detection is a technology for detecting behavior in a network that violates security policy and for responding to protect the network. This paper analyzes the open-source Snort intrusion detection system in depth in terms of its architecture and basic functions, builds a Snort network intrusion detection system on the Linux platform, and, taking the FTP service as an example, describes the configuration of Snort rules and the process of raising alerts for the FTP service.