【摘要】 设计了一个基于模式匹配专家系统的网络入侵检测系统,它的所有组件都是用LINUX下的C语言编写的。该系统一方面能够抓取计算机网络中数据链路层的所有数据包并记录下来;另一方面能够用一基于专家系统的检测引擎对抓取的数据包进行实时分析,以检测各种入侵。该专家系统采用模式匹配原理,主要采用存在模式和规则表示模式。当检测到入侵时,系统在发出警报的同时还将数据包的详细内容记录下来,以发现入侵者的详细信息。更多还原

【Abstract】 This is a networkintrusion detection system based on expert system.All the sections of the intrusion detection system are developed in C program under Linux. The system can get all the packets from data link layer and record them, perform real\|time traffic analysis and detect intrusions using a special expert system. The expert system in the detection engine uses the Match Pattern Theory, adopts existing pattern and regulation expression pattern. If it finds an intrusion, it will make an alarm and write down the data packets in order to find the detailed information.更多还原