Research of Intrusion Detection System Based on Vulnerability Scanner
Feature matching is an important way of network intrusion detection system. With the increasing of attack types, rule database becomes more and more larger and the course of matching also becomes increasingly complex, which makes IDS easily to lose packets. For the problem above, two kinds of signature custonuzation methods which based on open ports and CVE number are designed in this paper. These methods integrate the IDS and vulnerability scanner, help the misuse NIDS to select appropriate signature for the protected host and eliminate unnecessary signature matching through not modifying too much programs and setting the values of NIDS. Some experiments have been done on testing the integrated system. The results show that IDS can reduce the detection rules, useless alerts and improve detection efficiency after customization signature.
NIDS vulnerability scanner signature cusiomization CVE
Guangming Yang Jian Xu Dongming Chen Zhiliang Zhu
Software College of Northeastern University Shenyang,China Software College of Northeastem University Shenyang,China
国际会议
The 2nd IEEE International Conference on Advanced Computer Control(第二届先进计算机控制国际会议 ICACC 2010)
沈阳
英文
173-176
2010-03-27(万方平台首次上网日期,不代表论文的发表时间)