| After analyzing the main modes of the Intrusion Dectection System currently, the author gives readers new Intrusion Dectection System based Common Vulnerabilities & Exposures. The author also describes the architecture and their functions and the design and the implement of the software on the duplicated fault tolerance.IDS Data Collection based on CVE adopts one kind of data packet capturing/filtering mechanism, putting forward one technology that builds proxy process, namely data packet filter, which promote the operation capability of the system, and thereby is able to cope with network attack more efficiently, and extend administrator's security management capability, enhance the integrality of security base structure. We introduce data mining technology in data analyzing, and extend algorithms of this system based on exploiting algorithms in data mining, such as conjunction analyzing algorithm and serial mode analyzing algorithm, which can extract security related attributes of system characteristic efficiently, promote the scalability of the system greatly and provide data support for insight research toward the system. And the CVE knowledge base of the system traces international newly development trends of CVE, establishing internal unified CVE standards, whose abundant knowledge base settle ununified problem of internal flaw base, and has great practical value.
|
PDF Full Text Request