
Improving the Database Logging Performance of the Snort Network Intrusion Dete

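Posted on 2003-12-9 13:08:24
When doing distributed statistics with snort+acid, database handling is a big problem, because the database gets very large and has to be saved every day, or maybe set up a CLUSTER? hoho, take a look at what the article below says. I'm going back to Guangzhou to look for a job, so I can't test it; if anyone who has tested it is willing, please let me know the results, thx in advance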

Network intrusion detection systems have become one of several invaluable tools to safeguard critical infrastructure and information. Publicly available network intrusion detection systems (NIDS) such as Snort and Bro as well as a large number of commercial systems complement other security mechanisms by passively monitoring a network link for possible intrusions and other security breaches. Alerts about possible violations are forwarded to security personnel and are often also stored in databases for further analysis and correlation.

The performance of a NIDS can be described by its ability to detect true attacks in the stream of network traffic it observes. In addition to the sophistication of the intrusion detection algorithm employed, processing speed is a key consideration for the overall performance. If the NIDS is unable to process network traffic at the rate it arrives, packets are dropped and valuable information may be lost. Significant packet loss negatively affects the overall NIDS effectiveness.

The performance requirements of the popular Snort NIDS have been studied before. However, in addition to the performance of the NIDS sensor itself, the database that receives and stores alerts can play a role in determining overall performance. On a system under attack, the NIDS sensor can potentially generate a large number of alerts over a short period of time. If the database server is unable to absorb alerts at the offered rate, important alert data is lost and the entire intrusion detection system is rendered inefficient. This problem is compounded if multiple NIDS sensors report to the same database system.


Download the whole PDF:
http://secu.zzu.edu.cn/down/common/TR-03-10.pdf
Original poster | Posted on 2003-12-9 13:09:20
Ugh......
Posted in the wrong place...... please move this to the security board~~~~