    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/87935

    Title: 比較PCRE與RE2正規表達式函式庫在Snort入侵偵測系統中之效能
    Other Titles: Comparing the performance of PCRE and RE2 regular expression libraries in the Snort intrusion detection system
    Authors: 邱奕湶;Chiu, Yi-Chuan
    Contributors: Tamkang University, Master's Program, Department of Computer Science and Information Engineering
    Keywords: Network Attack; Packet Capture; Snort; PCRE; RE2
    Date: 2012
    Issue Date: 2013-04-13 11:53:03 (UTC+8)
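    Abstract: The rapid growth of today's networks has caused network attacks to keep changing form, so network security is correspondingly important for defending against unknown attacks. Most networks defend against external attacks by pairing a firewall with a network intrusion detection system. A firewall can only block illegal connection requests; when a packet carrying a malicious attack passes through the firewall, the network intrusion prevention system plays a very important role. Snort, the most widely used network intrusion detection system in recent years, is open source and easy to modify, and many websites write Snort rules for the various types of network attack and distribute them online for users to obtain. Because the regular expressions that Snort matches are written inside Snort rules, this study takes Snort rules as its research subject.
    Snort performs signature matching through the PCRE (Perl Compatible Regular Expressions) regular expression library to determine whether a packet carries abnormal behavior. This study uses the RE2 regular expression library released by Google to make modifications to Snort rules, and compares PCRE and RE2 in terms of CPU usage, execution time, and memory usage. The results show that, in terms of execution time for Snort rule matching, RE2 is more stable than PCRE.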
    A huge amount of online personal information has led to a growing number of cyber-attacks. Most network defense strategies use firewalls and network intrusion detection systems. Firewalls can only block illegal connection requests; however, malicious packets can still get through the firewall. Therefore, network intrusion prevention systems play an important role in defending against attacks. Snort is a commonly used network intrusion detection system. It is open source software and easy to modify. Snort rules consist of formal descriptions of attack patterns, which Snort uses to identify abnormal network traffic. The patterns are written in PCRE (Perl Compatible Regular Expressions).
    This study compares the use of Google's RE2 regular expression library and PCRE in Snort rules. Their CPU usage, execution time, and memory usage are examined, and the results show that RE2 has better performance than PCRE for certain patterns.
    Appears in Collections: [Department of Computer Science and Information Engineering] Theses and Dissertations
