To address the false negatives and false positives that conflicting rules in the Snort intrusion detection system's rule base can cause (conflicts that make alerting ambiguous), a method for detecting conflicts between rules is proposed. The method first defines the relations between rules; it represents rules simply and efficiently with a single-rooted policy tree, which also exposes the relations between them. Conflict types are then defined in terms of the relations between rules and their relative order, and a conflict state transition graph reflects the process by which conflicts are discovered; on this basis a conflict detection algorithm is proposed. Finally, part of the Snort rule base is checked, and the results show that the method can discover conflicts between rules effectively.
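The following is an added example, not code from the paper, that shows the core of such a detector in Python: it reduces each Snort rule header to a tuple of field sets, computes the relation between two rules (equal, subset, superset, partial overlap, disjoint), and classifies ordered pairs into conflict types. Several things are assumptions rather than facts from the abstract: only the rule header (action, protocol, addresses, ports, direction) is compared and options, bidirectional rules, address lists and negation are ignored; rules are treated as an ordered list where the earlier rule takes precedence; and the four conflict types used (shadowing, redundancy, generalization, correlation) are borrowed from firewall policy anomaly analysis, since the abstract does not name the paper's own types. The pairwise scan replaces the paper's policy tree and state transition graph. The sample rules are constructed for the example, not taken from the Snort rule base.

```python
import ipaddress
from itertools import combinations

# Assumed, simplified header model: "action proto src_ip src_port -> dst_ip dst_port".
# Rule options, "<>" rules, IP lists and "!" negation are deliberately out of scope.
PROTO_SETS = {"ip": {"tcp", "udp", "icmp"}, "tcp": {"tcp"},
              "udp": {"udp"}, "icmp": {"icmp"}}


def _ip(tok):
    return ipaddress.ip_network("0.0.0.0/0" if tok == "any" else tok, strict=False)


def _port(tok):
    if tok == "any":
        return (0, 65535)
    if ":" in tok:                       # Snort range syntax: lo:hi, lo:, :hi
        lo, hi = tok.split(":")
        return (int(lo) if lo else 0, int(hi) if hi else 65535)
    return (int(tok), int(tok))


def parse_rule(text):
    """Parse the header of one Snort rule into comparable field values."""
    action, proto, sip, sport, direction, dip, dport = text.split("(", 1)[0].split()[:7]
    if direction != "->":
        raise ValueError("only unidirectional '->' rules are modelled here")
    return {"action": action, "proto": PROTO_SETS[proto],
            "src_ip": _ip(sip), "src_port": _port(sport),
            "dst_ip": _ip(dip), "dst_port": _port(dport), "text": text}


def _rel_set(a, b):                     # protocol sets
    if a == b:
        return "equal"
    if a < b:
        return "subset"
    if a > b:
        return "superset"
    return "overlap" if a & b else "disjoint"


def _rel_net(a, b):                     # CIDR blocks are nested or disjoint, never partial
    if a == b:
        return "equal"
    if a.subnet_of(b):
        return "subset"
    if b.subnet_of(a):
        return "superset"
    return "disjoint"


def _rel_range(a, b):                   # port ranges as (lo, hi)
    if a == b:
        return "equal"
    if b[0] <= a[0] and a[1] <= b[1]:
        return "subset"
    if a[0] <= b[0] and b[1] <= a[1]:
        return "superset"
    if a[0] <= b[1] and b[0] <= a[1]:
        return "overlap"
    return "disjoint"


def relation(r1, r2):
    """Relation of the traffic matched by r1 to the traffic matched by r2."""
    rels = [_rel_set(r1["proto"], r2["proto"]),
            _rel_net(r1["src_ip"], r2["src_ip"]),
            _rel_range(r1["src_port"], r2["src_port"]),
            _rel_net(r1["dst_ip"], r2["dst_ip"]),
            _rel_range(r1["dst_port"], r2["dst_port"])]
    if "disjoint" in rels:              # one disjoint field: no packet matches both rules
        return "disjoint"
    if all(r == "equal" for r in rels):
        return "equal"
    if all(r in ("equal", "subset") for r in rels):
        return "subset"
    if all(r in ("equal", "superset") for r in rels):
        return "superset"
    return "overlap"                    # mixed subset/superset fields, or a partial port overlap


def classify(earlier, later):
    """Conflict type for an ordered pair; taxonomy is an assumption (see lead-in)."""
    rel = relation(later, earlier)
    same = earlier["action"] == later["action"]
    if rel in ("equal", "subset"):      # later rule can never fire on its own
        return "redundancy" if same else "shadowing"
    if rel == "superset" and not same:  # later rule is broader and disagrees
        return "generalization"
    if rel == "overlap" and not same:   # partial overlap with disagreeing actions
        return "correlation"
    return None


def detect_conflicts(rules):
    """Pairwise scan in rule order; returns (earlier_index, later_index, type)."""
    found = []
    for (i, a), (j, b) in combinations(enumerate(rules), 2):
        kind = classify(a, b)
        if kind:
            found.append((i, j, kind))
    return found


# Constructed sample rules for this example, not from the Snort rule base.
RULES = [
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"web traffic";)',
    'pass tcp any any -> 192.168.1.10 80 (msg:"trusted web host";)',
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"web traffic again";)',
    'alert udp any 1024: -> 10.0.0.0/8 53 (msg:"dns";)',
    'drop tcp 192.168.1.0/24 any -> any any (msg:"block outbound";)',
]

if __name__ == "__main__":
    for i, j, kind in detect_conflicts([parse_rule(r) for r in RULES]):
        print(f"rule {i} vs rule {j}: {kind}")
```

Rule 1 is shadowed by rule 0 (a `pass` nested inside an earlier `alert`), rule 2 is a pure duplicate of rule 0, and the broad `drop` in rule 4 correlates with the web rules because its source is narrower but its destination is wider. One caveat for a real deployment: Snort does not evaluate rules strictly first-match like a firewall; its default action order (for example `pass` before `alert` in Snort 2) decides which rule wins, so the order fed to `detect_conflicts` must reflect the engine's effective evaluation order rather than file order.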