Excerpt from the paper
This paper describes the role and development direction of intrusion detection system (IDS) technology and points out that current intrusion detection systems must solve the problem of a high false-alarm rate. To that end, it proposes a new model and design for an IDS with embedded scanning technology based on Common Vulnerabilities and Exposures (CVE), and describes in detail the model's CVE standard, the scanning technology, and the design of the IDS's scanning module, dynamic configuration module, alert verification module and other modules. The paper argues that an IDS with embedded scanning technology has the advantages of a dynamically updatable signature library, a low false-alarm rate and good extensibility, and that it is a new attempt in intrusion detection. An IDS based on this model is currently under development.
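The following sketch is an added example, not code from the paper, of how scan results keyed by CVE name could drive the dynamic configuration and alert verification modules the abstract names. The data layout, function names and verdict labels are assumptions, and the hosts and CVE identifiers are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed sample data; the CVE identifiers are placeholders, not real entries.
SCAN_RESULTS = {            # host -> CVE names the scan module reported for it
    "10.0.0.5": {"CVE-0000-0001", "CVE-0000-0002"},
    "10.0.0.9": set(),      # scanned, nothing found
}
SIGNATURE_CVE = {           # IDS signature id -> CVE name it detects
    1001: "CVE-0000-0001",
    1002: "CVE-0000-0003",
    1003: None,             # signature with no CVE mapping
}

@dataclass(frozen=True)
class Alert:
    sig_id: int
    dst: str                # host the suspicious traffic was sent to

def active_signatures(scan_results, signature_cve):
    """Dynamic configuration (assumed behaviour): enable a signature only if its
    CVE was found on some protected host. Signatures without a CVE mapping stay
    enabled, because the scan cannot rule them out."""
    found = set().union(*scan_results.values())
    return {sid for sid, cve in signature_cve.items()
            if cve is None or cve in found}

def verify(alert, scan_results, signature_cve):
    """Alert verification (assumed behaviour): compare the alert's CVE with what
    the scanner saw on the destination host."""
    cve = signature_cve.get(alert.sig_id)
    if cve is None or alert.dst not in scan_results:
        # No CVE mapping or host never scanned: do not suppress the alert.
        return "unverified"
    if cve in scan_results[alert.dst]:
        return "confirmed"
    return "likely-false-positive"

if __name__ == "__main__":
    print(sorted(active_signatures(SCAN_RESULTS, SIGNATURE_CVE)))
    for a in (Alert(1001, "10.0.0.5"), Alert(1001, "10.0.0.9"),
              Alert(1001, "10.0.0.77"), Alert(1003, "10.0.0.5")):
        print(a, verify(a, SCAN_RESULTS, SIGNATURE_CVE))
```

Alerts for hosts that were never scanned are kept as "unverified" rather than dropped, so stale or incomplete scan data does not silently hide a real attack.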