| 基于CVE入侵检测系统规则库的研究与实现 |
| |
| 引用本文: | 谢怡宁,刘胜辉. 基于CVE入侵检测系统规则库的研究与实现[J]. 哈尔滨理工大学学报, 2005, 10(2): 23-26 |
| |
| 作者姓名: | 谢怡宁 刘胜辉 |
| |
| 作者单位: | 哈尔滨理工大学,计算机与控制学院,黑龙江,哈尔滨,150080;哈尔滨理工大学,计算机与控制学院,黑龙江,哈尔滨,150080 |
| |
| 摘 要: | 针对计算机安全系统的适应性,稳健性和自治性问题.在详细剖析Snort规则同时,提出了如何实现基于CVE入侵检测的规则库,并对规则特征选项的模式匹配问题进行了探讨,分析了在入侵分析中单独使用模式匹配方法存在的弊端,给出了一种改进的检测方法,通过实例说明了分析实现过程.试验数据表明,该检测方法提高了效率,减少了误报率.
|
| 关 键 词: | 计算机公共风险/弱点 入侵检测系统 规则 协议分析 |
| 文章编号: | 1007-2683(2005)02-0023-03 |
| 修稿时间: | 2004-10-15 |
Research and Realization of Intrusion Detection System's Rule Base Based on CVE Characters |
| |
| XIE Yi-ning,LIU Sheng-hui. Research and Realization of Intrusion Detection System's Rule Base Based on CVE Characters[J]. Journal of Harbin University of Science and Technology, 2005, 10(2): 23-26 |
| |
| Authors: | XIE Yi-ning LIU Sheng-hui |
| |
| Abstract: | Traditional security technology aims at a sort of passive defend, which is mainly to patch the security holes. In fact, an ideal security system should possess the properties of flexibility, stability and self-controllability. This thesis studies the flexibility and self-controllability in the CVE-based Intrusion Detection System, emphasizes not only analysis of the snort rules, but the realization of intrusion detecting based on CVE rules. Especially, this thesis covers the intrusion signature matching methods, and analyzes the weakness when only using pattern matching in intrusion analysis and presents an improved approach that combines protocol analysis and pattern matching to dectect attacks.At the same time it gives an example to show how to use this approach.The experimental results show that the rules surely reduce the rate of misdetection. |
| |
| Keywords: | CVE intrusion detection system rule protocols analysis |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
