基于漏洞扫描特征定制的入侵检测系统设计

Intrusion Detection System Design on Vulnerability Scanning Feature Custom

随着网络入侵攻击种类的增加，其特征库也在不断地增加，针对旧有系统漏洞攻击虽不能发挥作用但仍会产生警报，使安全管理员无法判定哪些警报最为危险。本文设计并实现了一种“特征定制”的方法，构建一种新的基于漏洞扫描的入侵检测系统，在高速的网络环境下，降低安全管理员的工作强度，提高工作效率。

The paper mainly designed and implemented two kinds of signature customization methods which based on open ports and CVE number.The results indicate that the IDS system can reduce the detection rules,useless alerts and detection efficiency after customization signature.So under the high-speed network environment,it can reduce the work intensity of security administrators and increase their work efficiency.