
The Research And Implement Of Network Intrusion Prevention System Based On CVE

Posted on: 2009-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: F Li
GTID: 2178360245986491
Subject: Computer application technology

Abstract/Summary:
In recent years network attacks have become more frequent and new attack methods appear constantly, so defensive technology must be held to a higher standard. Both the firewall and the intrusion detection system have defects when it comes to blocking attacks. The Intrusion Prevention System (IPS) is a newer security technology that makes up for the shortcomings of the firewall and the Intrusion Detection System (IDS): the firewall provides coarse-grained detection, the IDS provides fine-grained detection, and an IPS integrates the advantages of both through tight interaction between them, giving more effective protection.

The thesis first introduces the security technologies relevant to the topic and sets out the defects of intrusion detection and firewall technology, then studies a method for building Snort rules from the CVE vulnerability database in Chinese. Starting from the respective flaws of IDS and firewall, it discusses where the two can be combined and proposes two strategies for integrating firewall and intrusion detection technology: a rule conversion strategy and an interaction strategy. It then details the design of a network intrusion prevention system based on CVE. The system uses the two integration strategies to establish a two-level defence mechanism: the gateway firewall is extended with an intrusion detection function so that it can block attacks at the first level, and Snort is extended with interaction with the firewall so that it can block the more complex attacks that evade the gateway firewall's detection.

Finally, the thesis presents a Nimda attack experiment used to test the performance of the system. The experiment showed that the mechanism resisted the large-scale worm attack in real time, and that the two-level defence mechanism responded to attacks better than a single-level mechanism in both timeliness and completeness, which confirms the integration strategies and the hierarchical design. The network intrusion prevention system is based on the CVE vulnerability database in Chinese; it exploits the response capability of the firewall and the detection capability of intrusion detection technology at the same time and makes the two work together, implementing all-round, multi-level network security defence and improving the capability for active, real-time response to attacks.
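As an added example of the two integration strategies the abstract describes (this is not code from the thesis, whose implementation is not shown on this page), the following Python script performs rule conversion for the first level, turning a CVE-referenced Snort rule into a coarse packet-level iptables string-match rule for the gateway firewall, and interaction for the second level, turning Snort alert_fast lines into targeted iptables blocks. The Snort rule, the alert lines, the addresses, the sid and the HOME_NET value are all constructed for this example; the rule references CVE-2000-0884, the IIS Unicode directory traversal that the Nimda worm exploited. The script only prints the iptables commands it generates and never invokes iptables.

```python
"""Snort + iptables glue for a two-level IPS (added example, not thesis code):
rule conversion (level 1) and alert-to-firewall interaction (level 2).
Every rule, alert, address and sid below is constructed for the example."""
import re
import shlex
from collections import namedtuple

HOME_NET = "192.168.1.0/24"  # hypothetical protected network
# Constructed Snort 2 rule; local-range sid, CVE of the IIS Unicode traversal.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-IIS unicode '
    'directory traversal attempt"; flow:to_server,established; '
    'content:"/..%c0%af../"; nocase; reference:cve,2000-0884; '
    'classtype:web-application-attack; sid:1000001; rev:1;)')
# Constructed lines in Snort's alert_fast output format.
SAMPLE_ALERTS = [
    "09/15-14:03:22.123456  [**] [1:1000001:1] WEB-IIS unicode directory traversal attempt [**] "
    "[Classification: web-application-attack] [Priority: 1] {TCP} 203.0.113.7:4412 -> 192.168.1.10:80",
    "09/15-14:03:25.000001  [**] [1:1000002:1] ICMP PING NMAP [**] "
    "[Classification: attempted-recon] [Priority: 3] {ICMP} 198.51.100.9 -> 192.168.1.10",
]
_HEADER = re.compile(r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
                     r"(?:->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")
_OPTION = re.compile(r'(\w+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?;')
_ALERT = re.compile(  # IPv4 only: an address ends at the port colon
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$")
SnortRule = namedtuple("SnortRule", "action proto src sport dst dport sid cve contents")
Alert = namedtuple("Alert", "sid msg priority proto src sport dst dport")


def parse_rule(text):
    m = _HEADER.match(text.strip())
    if not m:
        raise ValueError("not a Snort rule: " + text[:40])
    sid, cve, contents = "", "", []  # contents: [(pattern, nocase)]
    for key, val in _OPTION.findall(m.group("opts")):
        val = val.strip().strip('"')
        if key == "content":
            contents.append((val, False))
        elif key == "nocase" and contents:  # modifier for the preceding content
            contents[-1] = (contents[-1][0], True)
        elif key == "sid":
            sid = val
        elif key == "reference" and val.startswith("cve,"):
            cve = "CVE-" + val[4:]
    return SnortRule(m["action"], m["proto"], m["src"], m["sport"],
                     m["dst"], m["dport"], sid, cve, contents)


def _addr_args(flag, addr):
    """Snort address token -> iptables -s/-d arguments."""
    if addr == "any":
        return []
    neg, net = addr.startswith("!"), addr.lstrip("!")
    if net == "$EXTERNAL_NET":  # snort.conf default: !$HOME_NET
        neg = not neg
    net = HOME_NET if net in ("$HOME_NET", "$EXTERNAL_NET") else net
    return (["!"] if neg else []) + [flag, net]


def rule_to_iptables(rule, chain="FORWARD"):
    """Level 1: header fields and content patterns become one packet-level rule;
    flow, pcre and byte tests have no firewall equivalent and are dropped."""
    argv = ["iptables", "-A", chain, "-p", rule.proto]
    argv += _addr_args("-s", rule.src) + _addr_args("-d", rule.dst)
    for flag, port in (("--sport", rule.sport), ("--dport", rule.dport)):
        if rule.proto in ("tcp", "udp") and port != "any":
            argv += [flag, port]
    for pat, nocase in rule.contents:  # xt_string reads Snort's |hex| notation
        argv += ["-m", "string", "--algo", "bm",
                 "--hex-string" if "|" in pat else "--string", pat]
        argv += ["--icase"] if nocase else []
    note = f"sid:{rule.sid}" + (f" {rule.cve}" if rule.cve else "")
    return argv + ["-m", "comment", "--comment", note, "-j", "DROP"]


def parse_alert(line):
    m = _ALERT.search(line)
    return None if not m else Alert(m["sid"], m["msg"], int(m["prio"]), m["proto"].lower(),
                                    m["src"], m["sport"] or "", m["dst"], m["dport"] or "")


def alert_to_block(alert, seen, max_priority=2):
    """Level 2: one alert -> one targeted DROP. The priority cut-off and the
    seen-set keep a noisy signature from flooding the firewall with rules."""
    key = (alert.proto, alert.src, alert.dst, alert.dport)
    if alert.priority > max_priority or key in seen:
        return None
    seen.add(key)
    argv = ["iptables", "-I", "FORWARD", "-p", alert.proto, "-s", alert.src, "-d", alert.dst]
    argv += ["--dport", alert.dport] if alert.dport else []
    return argv + ["-m", "comment", "--comment", f"snort sid:{alert.sid}", "-j", "DROP"]


def process_alerts(lines, max_priority=2):
    seen = set()
    alerts = filter(None, map(parse_alert, lines))
    return [b for b in (alert_to_block(a, seen, max_priority) for a in alerts) if b]


if __name__ == "__main__":  # prints commands only; never invokes iptables
    for argv in [rule_to_iptables(parse_rule(SAMPLE_RULE))] + process_alerts(SAMPLE_ALERTS):
        print(shlex.join(argv))
```

The iptables string match inspects one packet at a time, so a request split across segments or encoded differently slips past level one; that coarse-versus-fine gap is exactly why Snort, with stream reassembly and HTTP normalisation, forms the second level. The interaction half filters on Snort priority and suppresses duplicate blocks, because an unfiltered alert-to-block loop lets anyone who can trigger a low-value signature with a spoofed source cut that source off from the network.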
Keywords/Search Tags: Intrusion prevention, Firewall, Rule transform, Interaction