基于状态转换与漏洞扫描的入侵检测的研究

The Intrusion Detection System Based on the State Transition with Vulnerability Scanner

通过对入侵检测的现状以及目前存在的问题进行深入的研究,提出了将入侵检测与漏洞扫描相结合的设计方案.该方法不仅能缩小知识库规模,有效缩短规则匹配时间,降低系统误报,而且还可实现知识库的动态更新.另一方面漏洞扫描系统也可以根据IDS传送的报警信息,对主机进行特定的扫描,针对发现的攻击,及时查找、修补相关安全漏洞.通过漏洞扫描与入侵检测系统的协作,可以有效地提高IDS的检测效率,增强系统的整体防御能力.

A new c .ooporation mechanism between the intrusion detection system and vulnerability scanner is presented through in- depth researching about the existing problems of the intrusion detection. By this way, it will decrease the size of repository, the match time and the false Mann rate, in the mean time, it can update the repository dynamically. On the other hand, vulnerability scanner can start some special scanning to some host based on the Mann of intrusion detection system, aim at the detected intrusion and find the related vulnerahilitiee and patch them. By the cooperation between the vulnerability scanner and intrusion detection system, it can improve the efficient of intrusion detection system and enhance the defense of the system.