Research Of Intrusion Prevention System Based On Behavior

Due to the limitation of the firewall and intrusion detection system in the information security domain, intrusion prevention system appeared. It is a new generation information security technology following the firewall and intrusion detection technique. It is also a intelligentized and secure product that protects the network and systems in real time from attacking, and now becomes a hotspot of research in network security domain.The paper firstly introduces the aim, significance and development status of intrusion prevention system combined with the network security status, then expatiates in detail the concept, work principle and key techniques of intrusion prevention system. Aiming at the encountered problem about intrusion prevention system, the paper brings forward a intrusion prevention system frameworks based on behavior. Taking the case of trojan horse attack, the thesis presents the detailed design and solution method of main modules based on Snort and Netfilter that are open-source softwares. Finally, testing of the system is carried out, and the system can detect and prevent familiar trojan horse attacks and other malicious attacks which communicate as trusted processes. The result shows that intrusion prevention system based on behavior takes a important part in protecting the key network and host computers and provides beneficial practice with the development of intrusion prevention system in the future.