
Research And Implement Of Intrusion Detection System Rule Based On CVE Characters

Posted on: 2006-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhang
Full Text: PDF
GTID: 2168360155475485
Subject: Computer application technology

Abstract/Summary:
Networks have developed rapidly worldwide in recent years, and network security has become a prominent concern. The main threat comes from network intrusions. A network intrusion is defined as any set of actions that attempts to compromise the integrity, confidentiality, or availability of an information system. At the same time, intrusion techniques and methods have developed and changed considerably, and detecting intrusions and protecting computer systems, network systems, and information systems in general has become a core technique among network security measures. Based on an analysis of the structure, construction methods, and operating characteristics of intrusion detection systems, and in line with practical requirements, this paper proposes a real-time Intrusion Detection System based on CVE (Common Vulnerabilities and Exposures) characteristics. The main research objects of the system are the vulnerabilities and exposures in CVE as they apply to intrusion detection. After studying the characteristics and structure of CVE in depth and extracting and summarizing them effectively, we built a rule base of CVE characteristics and a real-time, network- and host-based Intrusion Detection System that can identify network attacks and safeguard the network's security to the greatest extent. The main task of this paper is the research and implementation of the CVE-based rule base, which is the kernel of this IDS. The system uses a rule description language based on standard CVE; this description method is simple, efficient, and easy to implement, can describe most CVE intrusive actions, and can be updated or upgraded rapidly. Supported by the rule base, the system provides detection, reporting, and response together.
In the implementation of the network engine, network protocol analysis is combined with pattern matching. This improves the Intrusion Detection System's response speed and data analysis speed and reduces its missed alarm rate and false alarm rate, all of which give the system greater protective capacity. The system uses standard CVE as the data source for its rule base, from which the rule base of the Intrusion Detection System is formed and built. This provides a reliable foundation for the IDS rule base and can promote the standardization of Intrusion Detection Systems.
Keywords/Search Tags: CVE, Intrusion Detection, data resource, rule base