
Research And Realization Of Intrusion Detection System Based On CVE

Posted on: 2006-12-27 | Degree: Master | Type: Thesis
Country: China | Candidate: Y N Xie | Full Text: PDF
GTID: 2168360155975556 | Subject: Computer application technology
Abstract/Summary:
With the rapid development of information technology and the Internet, security is becoming more and more important. Traditional security technology takes a passive approach to defense, mainly patching security holes. An ideal security system, however, should be flexible, stable and self-controllable. After analyzing the main models of current intrusion detection systems, the author presents a new intrusion detection system based on Common Vulnerabilities and Exposures (CVE), and describes its architecture and functions and the design and implementation of the software. Intrusion detection systems (IDS) are very important for network security. The author systematically analyzes the composition and semantics of Snort rules, which may be of great help in creating a signature database. The paper then studies flexibility and self-controllability in the CVE-based intrusion detection system, emphasizing not only the analysis of Snort rules but also the realization of intrusion detection based on CVE rules and the implementation of the sniffer. In particular, the paper covers intrusion signature matching methods, analyzes the weakness of using only pattern matching in intrusion analysis, and presents an improved approach that combines protocol analysis with pattern matching to detect attacks. It also gives an example showing how to use this approach. The experimental results show that the rules indeed reduce the rate of misdetection.
Keywords/Search Tags: CVE, intrusion detection system, rule, sniffer, protocol analysis