Abstract
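Based on an in-depth study of the current state of intrusion detection and its existing problems, a design that combines intrusion detection with vulnerability scanning is proposed. This approach not only reduces the size of the knowledge base, effectively shortens rule-matching time, and lowers system false positives, but also enables dynamic updating of the knowledge base. In turn, the vulnerability scanning system can run targeted scans of a host based on the alert information sent by the IDS and, for the attacks detected, promptly locate and patch the related security vulnerabilities. Through cooperation between vulnerability scanning and the intrusion detection system, the detection efficiency of the IDS can be effectively improved and the overall defensive capability of the system enhanced.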
A new cooperation mechanism between the intrusion detection system and the vulnerability scanner is presented, based on in-depth research into the existing problems of intrusion detection. In this way, the size of the repository, the match time and the false alarm rate are decreased, and at the same time the repository can be updated dynamically. On the other hand, the vulnerability scanner can start special scans of a host based on the alarms of the intrusion detection system, targeting the detected intrusion to find the related vulnerabilities and patch them. Through the cooperation between the vulnerability scanner and the intrusion detection system, the efficiency of the intrusion detection system can be improved and the defense of the system enhanced.
Source
Journal of Huaihua University (《怀化学院学报》)
2009, Issue 8, pp. 54-56 (3 pages)
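Funding
Supported by the Youth Fund of the College of Computer and Information Science, Fujian Agriculture and Forestry University (07B21)
Project title: Intrusion detection based on state transition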
Keywords
intrusion detection system
state transition
vulnerability scanner