Network Intrusion Detection Model Based On Active Counterwork Response

With the rapidly development of Internet in recently years, the network comes to us more and more closely, and our life is highly digitalized. Simultaneously, network security becomes much more important because of the threat coming from hacker, computer virus and denial of service. The hacker's activity is hard to be detected and counterworked, and the result of the hacker's attack is so grievous. The problem of network security has been the bottleneck of the development of Internet. The existing Intrusion Detection Systems mostly work in a "passive" mode in response to network-based intrusions, so their countermeasures are limit locally and negatively in the intruded networks. So there is no active, WAN-wide counteraction against detected intrusion. While they all play an important role in counteracting network-based intrusion, they do not, however, effectively address the root cause of problem, locating and deterring intruders. Therefore, It is urgent to build a higher effective, real-time and active intrusion response system.In this paper, a new model of network intrusion detection based on active counterwork response is proposed. It utilizes existing IDS advanced and matured technologies, and imports the active tracing and locating theory. Once some intrusion actions or attempts are found by a detector, apart from local and simple response, the tracing to the stepping stones along the intrusion path based on the SWT technique, and the countermeasures such as remote blocking or remote isolation are used in the network which closes to the attacker. This method prevents hackers from sequent attack, thereby enhances the security of network system greatly.