Summary: | Master's === Chung Yuan Christian University === Graduate Institute of Information Engineering === 93 === As attacks on the Internet grow more frequent and attack
techniques evolve, the Internet attack model has changed from sending
intrusion packets to a specific target system to sending packets arbitrarily
in order to intrude on any vulnerable computer on the Internet. Our network
environment may not provide the service, or may not have the software
vulnerability, that a given intrusion packet targets. But if the detection
rule database of the intrusion detection system (IDS) deployed in our
network environment contains the corresponding signatures, these attack
packets can easily cause a large number of alerts to be generated and
degrade the performance of the IDS. Therefore, we propose a method that
applies knowledge about the network environment to tuning the intrusion
detection system. By customizing the detection rule base, the size of the
detection rule database can be reduced, which leads to fewer signature
comparisons and fewer unnecessary alerts. In this way, the intrusion
detection system can save computing resources, concentrate on the more
vulnerable parts of the system, and improve its performance.
|
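An added example, not code from the thesis: one way to prune a rule base against a service inventory, as the abstract describes. It assumes Snort-style rule headers and a hypothetical inventory of (protocol, port) pairs; the rules, SIDs and inventory are constructed, and any rule whose port field cannot be evaluated is kept rather than dropped.

```python
import re

# Constructed sample rules in Snort-style syntax (an assumption, not from the thesis).
RULES = [
    'alert tcp any any -> $HOME_NET 80 (msg:"web probe"; sid:1000001;)',
    'alert tcp any any -> $HOME_NET 1433 (msg:"mssql probe"; sid:1000002;)',
    'alert udp any any -> $HOME_NET 53 (msg:"dns probe"; sid:1000003;)',
    'alert tcp any any -> $HOME_NET 8000:8100 (msg:"alt web probe"; sid:1000004;)',
    'alert tcp any any -> $HOME_NET any (msg:"generic scan"; sid:1000005;)',
    'alert tcp any any -> $HOME_NET $ORACLE_PORTS (msg:"oracle probe"; sid:1000006;)',
]
# Constructed inventory: (protocol, port) pairs the network actually offers.
SERVICES = {("tcp", 80), ("tcp", 22), ("udp", 53), ("tcp", 8080)}

# action proto src sport direction dst dport (options...)
HEADER = re.compile(r'^\w+\s+(\w+)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+(\S+)\s+\(')

def sid(rule):
    """Return the rule's numeric sid, or None if it has none."""
    m = re.search(r'sid:\s*(\d+)', rule)
    return int(m.group(1)) if m else None

def port_matches(spec, port):
    """True/False if spec covers port; None if spec cannot be evaluated here."""
    if spec == "any":
        return True
    m = re.fullmatch(r'(\d*):(\d*)', spec)
    if m and (m.group(1) or m.group(2)):      # range, either bound may be open
        return int(m.group(1) or 0) <= port <= int(m.group(2) or 65535)
    if spec.isdigit():
        return int(spec) == port
    return None                               # variables, lists, negations

def prune(rules, services):
    """Split rules into (kept, dropped) using the destination protocol and port."""
    kept, dropped = [], []
    for rule in rules:
        m = HEADER.match(rule)
        proto, spec = (m.group(1).lower(), m.group(2)) if m else (None, None)
        # Fail safe: unparseable rules, portless protocols and unresolved
        # port specs stay in the rule base.
        if proto not in ("tcp", "udp") or port_matches(spec, 0) is None:
            kept.append(rule)
            continue
        hit = any(port_matches(spec, p) for pr, p in services if pr == proto)
        (kept if hit else dropped).append(rule)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = prune(RULES, SERVICES)
    print("kept:", [sid(r) for r in kept], "dropped:", [sid(r) for r in dropped])
```

Dropped rules are better moved to a disabled set than deleted, so they can be restored when the service inventory changes.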