Tamkang University Institutional Repository: Item 987654321/87935
    Please use this permanent URL to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/87935


    Title: 比較PCRE與RE2正規表達式函式庫在Snort入侵偵測系統中之效能
    Other title: Comparing the performance of PCRE and RE2 regular expression libraries in the Snort intrusion detection system
    Author: Chiu, Yi-Chuan (邱奕湶)
    Contributors: Master's Program, Department of Computer Science and Information Engineering, Tamkang University
    蔡憶佳
    Keywords: Network Attack; Packet Capture; Snort; PCRE; RE2
    Date: 2012
    Upload time: 2013-04-13 11:53:03 (UTC+8)
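    Abstract: The rapid growth of the Internet has caused network attacks to change form constantly, so network security, and defense against unknown attacks in particular, has become correspondingly important. Most networks defend against external attacks by pairing a firewall with a network intrusion detection system. A firewall can only block illegitimate connection requests; once a packet carrying a malicious attack passes through the firewall, the network intrusion prevention system plays a very important role. Snort, the most widely used network intrusion detection system in recent years, is open source and easy to modify, and many websites write Snort rules for the various types of network attack and publish them online for users to obtain. Because the regular expressions that Snort matches are written inside Snort rules, this study takes Snort rules as its research subject.
    Snort performs signature matching through the PCRE (Perl Compatible Regular Expressions) regular expression library to determine whether a packet carries abnormal behavior. This study uses the RE2 regular expression library released by Google to make modifications to Snort rules, and compares PCRE and RE2 in terms of CPU utilization, execution time and memory usage. The results show that, for Snort rule matching, the execution time of RE2 is more stable than that of PCRE.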
    A huge amount of online personal information has led to a growing number of cyber-attacks. Most network defense strategies use firewalls and network intrusion detection systems. Firewalls can only block illegal connection requests; however, malicious packets can still get through the firewall. Therefore, network intrusion prevention systems play an important role in defending against attacks. Snort is a commonly used network intrusion detection system. It is open source software and easy to modify. Snort rules consist of formal descriptions of attack patterns, which Snort uses to detect abnormal network traffic. The patterns are written in PCRE (Perl Compatible Regular Expressions).
    This study compares the use of Google's RE2 regular expression library and PCRE in Snort rules. Their CPU usage, execution time and memory usage are examined, and the results show that RE2 has better performance than PCRE for certain patterns.
    Appears in collections: [Department and Graduate Institute of Computer Science and Information Engineering] Theses

    Files in this item:

    File          Size    Format    Views
    index.html    0Kb     HTML      243

    All items in the institutional repository are protected by original copyright.
