It is difficult to know all the relations between Snort rules.To deal with this problem the topological relations between Snort rules are classified based on the set theory and a method for calculating the topological relations between Snort rules is proposed.In the existing methods for analyzing the relations of Snort rules the relations are usually determined only according to the header information of the Snort rules.Without considering the actions of Snort rules the proposed method improves upon the existing methods and it can classify and calculate the topological relations between Snort rules according to both headers and options information of Snort rules. In addition the proposed method is implemented by the functional language Haskell. The experimental results show that the topological relations between Snort rules can be calculated rapidly and effectively. The proposed method also provides an important basis for conflict detection in the succeeding Snort rules.%针对Snort规则间的相互关系难以把握的问题,基于集合理论对Snort规则间的拓扑关系进行了分类,并提出了Snort规则间拓扑关系的计算方法。在已有的Snort规则相互关系分析方法中,通常只根据Snort规则的头部信息来决定整条规则之间的相互关系。所提方法在不考虑Snort规则动作的情况下,对已有的方法进行了改进,能够同时根据Snort规则的头部信息和选项部分的取值来分类和计算整条Snort规则之间的拓扑关系。另外,使用函数式编程语言Haskell实现了所提方法。实验结果表明,该方法能够快速有效地计算出Snort规则间的拓扑关系,并且能为后续的Snort规则间的冲突检测提供重要的依据。
展开▼
