Research And Implementation Of CVE-based Intrusion Detection Expert System Rule Base

Posted on: 2004-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: S B Zhang
Full Text: PDF
GTID: 2168360095460685
Subject: Computer application technology
Abstract/Summary:
Intrusion is defined as any set of actions that attempt to compromise the integrity, confidentiality, availability, or controllability of a computer. With the development of computer technology and the explosive growth of the Internet, hacker activity is increasing. Annual reports from the Computer Emergency Response Team (CERT) indicate a significant increase in the number of computer security incidents each year. According to CERT, the number of incidents reported increased sharply from 252 in 1990 to 21,756 in 2000. In recent years, our government has paid great attention to computer security research.

Intrusion detection is a new security technology that follows traditional security protection technologies such as firewalls and data encryption, and it has become a focus of computer security research. An intrusion detection system (IDS) collects information from the main parts of a computer network system, then monitors and controls the computers and network traffic for intrusive and suspicious activity. It detects intrusions not only from extranet hackers but also from intranet users. Computer technology is developing very quickly and intrusion techniques are renewed rapidly, so IDS technology faces a great challenge.

We design a CVE-based intrusion detection expert system rule base. It combines network-based IDS and host-based IDS into one system and provides detection, reporting, and response together. In the implementation of the network engine, network protocol analysis is combined with pattern matching so that the scope of the search is reduced. Founding the IDS rule base on CVE gives updates of the rule base a reliable foundation. We put forward a new form of rule syntax. The rule syntax is simple to implement for most computer network vulnerabilities, and rules for the newest vulnerabilities can be refreshed in time. We also improved the matching algorithm so that the network engine can search for intrusion signals more quickly.

The implementation of the CVE-based IDS rule base promotes the standardization of IDS.
Keywords/Search Tags:CVE, Intrusion Detect, signature, rule base