Host Intrusion Prevention System Based On CVE Knowledge Base

Posted on: 2009-06-12
Degree: Master
Type: Thesis
Country: China
Candidate: J X Jia
Full Text: PDF
GTID: 2178360245986498
Subject: Computer application technology

Abstract/Summary:
With the development of the Internet, the world has quickly become an integrated whole. The Internet is increasingly common in every domain of the economy and daily life, and society now relies heavily on the network. As the network has developed, many problems have arisen, security problems above all. The most important task is to understand the threats the network faces, to prevent and eliminate them, and to achieve a genuinely secure network. Faced with this severe situation, network security researchers have developed several major network security techniques, such as firewalls, intrusion detection systems (IDS), virtual private networks (VPN), and trap hosts (honeypots). These measures can partly prevent intrusion, but they also have limitations and shortcomings. Intrusion prevention technology has therefore become a new research area in security technology in recent years.

Based on a study of the various current intrusion prevention systems, this thesis applies the CVE (Common Vulnerabilities and Exposures) knowledge base to the subject and designs an intrusion prevention system based on it. The research organizes and completes a Chinese-language version of the CVE dictionary, establishes a complete CVE knowledge base, and develops an intrusion prevention system based on that knowledge base. Besides helping users share data across independent vulnerability databases and vulnerability assessment tools, the system enforces enhanced access control over access to the operating system from the network and over key resources of the host system, to ensure the safety of the system as far as possible.

The thesis presents a framework for the system. It implements several key technologies for the Windows operating system, such as driver technology, packet capture, protocol analysis and pattern matching, and system call interception and control, each of which is studied in depth. The system improves the security of networked hosts, is more practical, and can meet the needs of more customers.
Keywords/Search Tags: Common Vulnerabilities and Exposures, Host intrusion prevention system, Network access control, System access control