English  |  正體中文  |  简体中文  |  Items with full text/Total items : 16335/24215 (67%)
Visitors : 13370101      Online Users : 703
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://ir.nknu.edu.tw/ir/handle/987654321/16534

    題名: 基於規則分?的網?入侵偵測系統之效能分析與實作
    Efficacy Analysis of Network-Based Intrusion Detection System with Classification Rules and Practice of Platform Implementation
    Authors: 張浩置
    Hao-Chih Chang
    貢獻者: 楊中皇
    Chung-Huang Yang
    Keywords: 入侵偵測;規則;IDS;Snort;NIDS
    Intrusion Detection;Rule;IDS;Snort;NIDS
    Date: 2011-06-30
    Issue Date: 2011-10-18 10:20:48 (UTC+8)
    Abstract: 在享受網際網路之便利與快速發展下,卻也隱藏許多網路安全危機。網路入侵偵測系統(Network-based Intrusion Detection System,NIDS)的規則資料庫日漸龐大,在新的世代裡將面臨更多的挑戰。本研究分析開放原始碼(open source) Snort網路入侵偵測系統(Network-based Intrusion Detection System,NIDS),依主機與網路環境之不同將其規則檔(rules)重新進行調整分類,嘗試找出最適合的規則與設定,並據此調校部署NIDS。
    在調校Snort之後,我們以先前蒐集之攻擊程式與惡意程式(malware)進行實驗,比較分類前後的系統資源,驗證調校的效果。經實驗證實,採用本研究新的規則分類,可節省使用記憶體(swap) 23%,也節省CPU的負載(load average) 17%單位效能。本研究更進一步發現,規則的數量,會影響記憶體的使用率;Snort的規則比對符合與否,會影響CPU的負載(load average)。所以本研究的分類規則,能有效的減少系統資源的浪費,進而提升Snort執行的效率。
    With enjoying the convenience of rapidly developed Internet, many Internet safety problems were hiding within. The database of rules for NIDS (Network-based Intrusion Detection System) expanded gradually, however it faced numerous challenges in the new era. This research analyzed the open source Snort, and reclassified the rules based on distinct server and Internet environment, to attempt to determine the most appropriate rules and setting, and to deploy the NIDS accordingly.
    After adjustment of Snort, this research conducted experiment from previously-collected exploit and malware, to compare and verify the efficacy of system resources before and after the reclassification. According to the result, the newly adopted rules classification in this research saved 23% of swap memory, and unit efficacy load average of CPU for 17%. Further, this research discovered the number of rules influences the utilizing rate, and the fitness of rules from Snort would influence the load average of CPU. Hence, the rule classification introduced in this research may effectively reduce the waste of system resources and further improve the efficiency of implementation of Snort.
    Appears in Collections:[資訊教育研究所] 博碩士論文

    Files in This Item:

    File SizeFormat

    All items in NKNUIR are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback