【摘要】 在入侵检测技术的研究中,安全脆弱点的描述是一个急需解决的问题。目前,脆弱点描述方法基本上局限于枚举、CVE两种,但它们在各种安全工具及脆弱点信息源之间进行协同工作方面存在很多困难。为了解决这些问题,文章设计了一种安全脆弱点描述语言。使用该语言描述脆弱点,可以解决脆弱点标识符混乱问题;方便脆弱点的定位、归类与对比;清楚、明确地描述脆弱点内容;有效管理脆弱点的扩展部分及其更新过程。更多还原

【Abstract】 In the process of studying intrusion detection technology,the vulnerability description is an urgent problem.At present ,the only two popular vulnerability description methods are enumeration and CVE.However,there are many diffi-culties when using these methods to achieve interoperability between all security tools and vulnerability information sources.To solve these problems ,this paper designs a vulnerability description language(VDL).Using VDL to describe vulnerabilities can solve vulnerability identifiers confusion,help to lo cate,classify and compare vulnerabilities,clearly and precisely describe vulnerabilities and effectively manage the extensions of vulnerabilities and their updating processes.更多还原