
Research Of Firewall And Intrusion Detection System Interactive Technology

Posted on: 2010-11-22
Degree: Master
Type: Thesis
Country: China
Candidate: Q J Xia
Full Text: PDF
GTID: 2178360278480727
Subject: Computer application technology

Abstract/Summary:
As networks have grown, protecting them by improving and innovating network security and protection technology has become important. Many kinds of network security technology are in use today; among them, firewalls and intrusion detection systems (IDS) are the most widely deployed. Used separately, neither is sufficient on its own to solve the security problem, so uniting the two into an integrated protection mechanism is a question worth studying. Starting from the respective advantages and disadvantages of each, this thesis discusses the necessity and feasibility of such a combination and presents the corresponding methods and algorithms in detail. The major contributions are as follows.

(1) A novel interaction mechanism is designed around an open interface. Through it, the firewall can call on a distributed IDS to discover new attacks that fall outside its security policy, and the IDS in turn can have the firewall interdict attacks from external networks, forming a feasible and effective protection mechanism that improves network security. The IDS is configured for distributed detection, distributed analysis and central management, which improves detection efficiency and response speed; because a detection report is only a few bytes long, network load is reduced and real-time performance improves.

(2) Authentication and encryption are implemented on a client/server communication pattern: the channel is encrypted with SSL and the data with the DES algorithm, to obtain secure and reliable communication between the components.

(3) Pattern matching algorithms are studied closely and a new one, the EBM algorithm, is presented. It matches using the longest prefix and uses a shift table to compute the shift value when matching the suffix. The thesis shows that EBM outperforms the Boyer-Moore (BM) algorithm both in theory and in practice.

(4) After discussing the static Markoff chain model, the thesis builds a normal set called the Stat Model, from which a support probability for an observed data sequence can be calculated. That probability is the standard by which the presence of abnormal behaviour is judged. An anomaly detection method based on the static Markoff chain model is then discussed, a detection algorithm is proposed, and experimental results are given.

(5) Starting from the concepts of "risk" and "transfer", policies for secure interaction are established. A cooperation algorithm for all the event analyzers in the distributed IDS is presented to reduce system load and simplify analysis. Because a local detection report can be described in a few bytes, the analyzers consume little bandwidth when cooperating, so real-time availability is good.
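The following is an added example, not code from the thesis, illustrating contributions (1) and (5): a fixed-size detection report of a few bytes that a distributed IDS sensor sends to the firewall's central manager, the manager's validation of that report, and a cooperation rule that merges reports from several sensors before the firewall installs a block. The 15-byte field layout, the risk scale, the threshold, the correlation window and the sample reports are all assumptions of this example. The thesis secures this channel with SSL and DES; DES's 56-bit key is considered obsolete today, so a current deployment would put the same reports over TLS with AES.

```python
import ipaddress
import struct
from collections import defaultdict

# Fixed-size detection report sent by a distributed IDS sensor to the firewall's
# central manager. The layout is an assumption made for this example:
#   version(1) | sensor_id(1) | event_id(2) | src_ip(4) | dst_port(2) | risk(1) | timestamp(4)
REPORT_FMT = "!BBH4sHBI"                   # network byte order, no padding
REPORT_LEN = struct.calcsize(REPORT_FMT)   # 15 bytes
VERSION = 1


def pack_report(sensor_id, event_id, src_ip, dst_port, risk, timestamp):
    """Serialize one detection as a 15-byte report."""
    if not 0 <= risk <= 255:
        raise ValueError("risk must fit in one byte")
    return struct.pack(REPORT_FMT, VERSION, sensor_id, event_id,
                       ipaddress.IPv4Address(src_ip).packed, dst_port, risk, timestamp)


def unpack_report(data):
    """Parse a report, rejecting wrong sizes and versions before any field is trusted."""
    if len(data) != REPORT_LEN:
        raise ValueError("bad report length %d" % len(data))
    version, sensor_id, event_id, ip, port, risk, ts = struct.unpack(REPORT_FMT, data)
    if version != VERSION:
        raise ValueError("unsupported report version %d" % version)
    return {"sensor_id": sensor_id, "event_id": event_id,
            "src_ip": str(ipaddress.IPv4Address(ip)), "dst_port": port,
            "risk": risk, "timestamp": ts}


class FirewallController:
    """Central manager on the firewall side.

    Reports from all sensors are merged per source address. Repeated reports
    from one sensor do not add up (only its highest risk counts), so a single
    noisy sensor cannot escalate alone, while independent confirmations from
    other sensors do. When the merged risk reaches the threshold, a block rule
    is installed once. Threshold and window are illustrative choices.
    """

    def __init__(self, block_threshold=200, window=60, never_block=()):
        self.block_threshold = block_threshold
        self.window = window                  # seconds of history that is correlated
        self.never_block = set(never_block)   # e.g. the management hosts
        self.events = defaultdict(list)       # src_ip -> [(timestamp, risk, sensor_id)]
        self.blocked = {}                     # src_ip -> rule text

    def handle(self, data):
        """Process one raw report; return the rule text if a block was installed."""
        rep = unpack_report(data)
        src = rep["src_ip"]
        if src in self.never_block or src in self.blocked:
            return None
        # keep only reports inside the correlation window, then add this one
        recent = [e for e in self.events[src] if rep["timestamp"] - e[0] <= self.window]
        recent.append((rep["timestamp"], rep["risk"], rep["sensor_id"]))
        self.events[src] = recent
        per_sensor = {}
        for _, risk, sid in recent:
            per_sensor[sid] = max(per_sensor.get(sid, 0), risk)
        if sum(per_sensor.values()) >= self.block_threshold:
            rule = "DROP src=%s" % src        # stands in for an iptables/ipfw rule
            self.blocked[src] = rule
            del self.events[src]
            return rule
        return None


if __name__ == "__main__":
    # constructed sample: two reports from sensor 1, one confirmation from sensor 2
    fw = FirewallController()
    for sid, risk, ts in ((1, 120, 1000), (1, 120, 1010), (2, 100, 1020)):
        print(fw.handle(pack_report(sid, 7, "203.0.113.9", 22, risk, ts)))
```

The length and version checks run before any field is used, so a truncated or malformed report is dropped rather than turned into a rule; the per-sensor maximum is what keeps one misbehaving sensor from blocking arbitrary hosts by itself.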
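The abstract gives no more detail of the EBM shift rules than what is quoted above, so the example below implements the standard Boyer-Moore (BM) algorithm that the thesis uses as its baseline in contribution (3): a bad-character table and a strong good-suffix shift table over bytes, with a counter of byte comparisons so that a variant can be benchmarked against it the way the thesis does. This is an added example, not the thesis's EBM code; the signature and the payloads are constructed, and the naive matcher is included only as the point of comparison.

```python
class BoyerMoore:
    """Boyer-Moore exact matcher over bytes with bad-character and strong
    good-suffix shift tables. Counts byte comparisons for benchmarking."""

    def __init__(self, pattern: bytes):
        if not pattern:
            raise ValueError("empty pattern")
        self.pat = pattern
        m = len(pattern)
        # bad-character table: rightmost index of each byte value in the pattern
        self.last = {b: i for i, b in enumerate(pattern)}
        # good-suffix table: good[j + 1] is the safe shift after a mismatch at
        # pattern index j (Gusfield's strong good-suffix preprocessing)
        self.good = [0] * (m + 1)
        bpos = [0] * (m + 1)
        i, j = m, m + 1
        bpos[i] = j
        while i > 0:
            while j <= m and pattern[i - 1] != pattern[j - 1]:
                if self.good[j] == 0:
                    self.good[j] = j - i
                j = bpos[j]
            i -= 1
            j -= 1
            bpos[i] = j
        j = bpos[0]
        for i in range(m + 1):
            if self.good[i] == 0:
                self.good[i] = j
            if i == j:
                j = bpos[j]
        self.comparisons = 0

    def search(self, text: bytes):
        """Return every offset where the pattern occurs in text (overlaps included)."""
        pat, m, n = self.pat, len(self.pat), len(text)
        self.comparisons = 0
        hits = []
        s = 0
        while s <= n - m:
            j = m - 1                         # compare right to left
            while j >= 0:
                self.comparisons += 1
                if pat[j] != text[s + j]:
                    break
                j -= 1
            if j < 0:
                hits.append(s)
                s += self.good[0]
            else:
                # larger of the two rules; the bad-character shift can be <= 0
                # when the mismatching byte last occurs to the right of j
                s += max(self.good[j + 1], j - self.last.get(text[s + j], -1))
        return hits


def naive_search(text: bytes, pattern: bytes):
    """Brute-force matcher; returns (offsets, byte comparisons) as the baseline."""
    hits, comparisons = [], 0
    m = len(pattern)
    for s in range(len(text) - m + 1):
        j = 0
        while j < m:
            comparisons += 1
            if pattern[j] != text[s + j]:
                break
            j += 1
        if j == m:
            hits.append(s)
    return hits, comparisons


if __name__ == "__main__":
    # constructed sample: a path-traversal signature inside an HTTP request line
    signature = b"/etc/passwd"
    payload = b"GET /cgi-bin/x?f=../../etc/passwd HTTP/1.0"
    bm = BoyerMoore(signature)
    print(bm.search(payload), bm.comparisons, naive_search(payload, signature))
```

The comparison count is the quantity a shift-table variant is judged on: on payload bytes that never occur in the signature, BM advances by the full pattern length per probe, which is where it pulls ahead of left-to-right scanning.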
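As an added example for contribution (4), not the thesis's own code, the block below trains a first-order static Markoff chain on normal event sequences, computes a support probability for an observed sequence, and flags the sequence as abnormal when that probability falls below a threshold. The class is named StatModel after the abstract's "Stat Model", but its internals are assumptions of this example: additive smoothing so that unseen transitions are rare rather than impossible, the support reported as mean log-probability per symbol so that sequences of different lengths are comparable, and a threshold set at the lowest support seen on the training data minus a margin. The system-call-like sequences are constructed.

```python
import math
from collections import Counter, defaultdict


class StatModel:
    """First-order static Markoff chain learned from normal event sequences."""

    def __init__(self, alpha=0.01):
        self.alpha = alpha              # additive smoothing (assumption)
        self.initial = Counter()        # first symbol of each training sequence
        self.trans = defaultdict(Counter)   # trans[a][b] = count of a -> b
        self.states = set()
        self.n_seq = 0

    def fit(self, sequences):
        for seq in sequences:
            if not seq:
                continue
            self.n_seq += 1
            self.initial[seq[0]] += 1
            self.states.update(seq)
            for a, b in zip(seq, seq[1:]):
                self.trans[a][b] += 1
        return self

    def _smoothed(self, count, total):
        # one extra slot reserves probability mass for symbols never seen in training
        k = len(self.states) + 1
        return (count + self.alpha) / (total + self.alpha * k)

    def support(self, seq):
        """Mean log-probability per symbol of seq under the model (higher = more normal)."""
        if not seq:
            raise ValueError("empty sequence")
        logp = math.log(self._smoothed(self.initial[seq[0]], self.n_seq))
        for a, b in zip(seq, seq[1:]):
            row = self.trans.get(a, Counter())   # .get avoids creating rows for unknown states
            logp += math.log(self._smoothed(row[b], sum(row.values())))
        return logp / len(seq)


class MarkovAnomalyDetector:
    """Flags a sequence whose support falls below the training minimum minus a margin."""

    def __init__(self, model, margin=0.5):
        self.model = model
        self.margin = margin            # assumption; tune against false-positive rate
        self.threshold = None

    def fit(self, normal_sequences):
        self.model.fit(normal_sequences)
        scores = [self.model.support(s) for s in normal_sequences if s]
        self.threshold = min(scores) - self.margin
        return self

    def is_anomalous(self, seq):
        return self.model.support(seq) < self.threshold


# constructed sample of normal behaviour for one process type
NORMAL_SEQUENCES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["stat", "open", "read", "close"],
    ["open", "read", "read", "read", "close"],
    ["stat", "open", "write", "close"],
    ["open", "write", "close"],
]

if __name__ == "__main__":
    det = MarkovAnomalyDetector(StatModel()).fit(NORMAL_SEQUENCES)
    for seq in (["stat", "open", "read", "write", "close"],
                ["open", "read", "execve", "socket", "connect"]):
        print(seq, round(det.model.support(seq), 3), det.is_anomalous(seq))
```

The second probe sequence contains transitions never observed during training (read to execve, then symbols the model has not seen at all), so its support drops far below anything in the normal set, whereas a sequence made of familiar transitions in a new order stays above the threshold.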
Keywords/Search Tags:Firewall, Intrusion Detection System, Pattern Matching, Static Markoff Chain, Interaction Algorithm