APPARATUS FOR MEASURING SIMILARITY BETWEEN INTRUSION DETECTION RULES AND METHOD THEREFOR
    Invention application
    Status: Under examination (published)

    Publication number: US20160197957A1

    Publication date: 2016-07-07

    Application number: US14909580

    Filing date: 2014-07-14

    CPC classification number: H04L63/20 H04L63/0263 H04L63/1416

    Abstract: The present invention relates to an apparatus and method that check similarity between intrusion detection rules used by an Intrusion Detection System. The apparatus for measuring similarity between intrusion detection rules includes a normalization unit for modifying a plurality of detection rules into a predetermined form, a division unit for dividing each detection rule among the plurality of modified detection rules into a detection rule header and a detection rule option, a relationship operation unit for determining an inclusion relationship between detection rule headers and an inclusion relationship between detection rule options, and a similarity measurement unit for measuring similarity between the detection rules based on the inclusion relationship between the detection rule headers and the inclusion relationship between the detection rule options.
