本文首先系统分析了 snort 规则的组成，详细的介绍了各个部分的含义，这对于开发出新的入侵检测系统，建立自己的攻击规则库有很大的帮助。针对系统所需的适应性和自治性，在详细剖析 snort 规则同时，着重研究基于 CVE 入侵检测系统的规则库的实现，底层嗅探器的实现和嗅探过程等问题。在规则特征选项的模式匹配问题上进行重点说明，给出了一种改进的检测方法，即结合使用协议分析进行模式匹配，从试验数据上大大提高了效率，减少了误报率。同时，本系统所基于的 CVE 知识库，跟踪国际上 CVE 的最新发展动态，制订了国内统一的 CVE 标准，具有极大丰富的知识库，有效的解决了国内漏洞库不统一的问题.-The author also describes the architecture and functions and the design and the implement of the software. Intrusion detection system (IDS) is very important for network security. At present, the author systematically analyzes the composition and semantics of Snort rules, which may be of great help for creating signature database, then the paper studies the flexibility and self-controllability in the CVE-based Intrusion Detection System, emphasizes not only on analysis of the snort rules, but on the

realization of intrusion detecting based on CVE rules and the implement of the sniffer. Especially, this paper covers the intrusion signature matching methods, and analyzes the weakness when only uses pattern matching in intrusion analysis and presents an improved approach that combines protocol analysis and pattern matching, to dectect attacks. At the same time it gives an example to show how to use this approach. The experimental results show that the rules surely reduce the rate of misd