基于cve的网络入侵防御系统的研究和实现-计算机应用技术专业论文.docxVIP

哈尔滨理工大学T学硕上学位论文The 哈尔滨理工大学T学硕上学位论文 The Research and Implement of Network Intrusion Prevention System Based on CVE Ab stract In recent years．the network attack iS more frequent，and the new methods of attacks occur increasingly,therefore we must set a higher standard to the safe defence technology．There are defects on the firewall and the intrusion detective system to block the attacks．Intrusion Prevention System(IPS)is a new security technology to make up for the inabilities of firewall and Intrusion Detection System(IDS)．Firewall has a coarse—grained detection function，and IDS has a fine-grained detection function．IPS implements tightly the interactions between firewall and IDS by integrating their advantages to provide more effective security protection． At the very beginning，the thesis introduced some security technology relating to the topic，illuminated the defects of the intrusion detection technology and firewall，and then researched into the method of setting up Snort rules based on CVE Vulnerability Database in Chinese．The thesis also talked about the combination point of between IDS and firewall based on their flaws，and SO proposesd the two strategies to intergage the firewall and intrusion detection technology：rules conversion strategy and interaction strategy．Then the paper detailed on the design of network intrusion prevention system based on CVE． The prevention system used the two integration strategy to establish a two—level defense mechanism．The system explanded the intrusion detective function for the gateway firewall which could defend the attack at the first level，and increased the interaction with firewall for Snort SO that Snort could defend the complex attack which had evaded the detection of the gateway firwall．At the end， the thesis gived the Nimda attack experiment to test the performance of the system，and the result of the experiment was presented：the experiment proved that the mechanism had resisted the 1arge．scale worm attack in real time．a