中文摘要：

为了探索一种能体现基于网络的入侵检测系统规则的复杂性和联系性,并具备降低规则冗余的入侵检测方法,提出一种基于深度协议分析对网络事件进行重新解构的方法。该方法不仅将协议分析抽象到基于事件的整体上对网络事件进行层次分析,同时还将协议分析深入到具体的应用层数据里。实验表明,该方法具有更高的检测准确率和检测速率,大幅度地减少了规则库冗余,更适用于高速网络环境,同时还具备一定的检测未知入侵的能力。

英文摘要：

To research a reducing the rules redundancy method which can reflect the complexity and relation of rules in intrusion detection,this paper proposed a deconstructing network intrusion events method based on deep protocol analysis.Protocol analysis was not only applied to and hierarchically analyzed the network intrusion events,but also gone deep into the application layer data.Experiment results prove that the method can not only solve the above problems effectively with less false positive ratio（FPR） and false negative ratio（FNR）,and less redundancy of rules,but also improve the speed of detection and adaptation to high-speed network.And it＇s also able to detect some unknown attacks.