Traditional network intrusion detection systems can no longer meet today's demands for network security. This paper presents an improved system design, based on network protocol analysis, that combines internal rules with external rules. For the external rules, a new threat description language is designed; it resembles traditional programming languages and is both easy to understand and powerful. The internal rules enrich the logic of protocol-analysis detection, so that complex and stateful attacks can be detected. Compared with existing systems, the newly designed network intrusion detection system has a more precise detection region and improved detection capability.