Research And Tentative Implementation Of Distributed Intrusion Prevention System On High-speed Networks

Posted on: 2005-09-10 | Degree: Master | Type: Thesis
Country: China | Candidate: X N Kang
GTID: 2168360152467691 | Subject: Computer Science and Technology

Abstract/Summary:
The evolution of the Internet has brought wealth to the human community, along with security problems. Network security has become one of the most important fields in computer technology because of the popularization of e-commerce, and researchers are putting more focus on security technologies.

Most security-related products are passive. Firewalls only block access statically. Intrusion Detection Systems (IDS) can detect intrusions dynamically, but fail to block the intrusions they detect. Thus a new concept, the Intrusion Prevention System (IPS), was introduced. By integrating a firewall with an IDS, an IPS can actively block the intrusions it detects. However, the firewall module of an IPS greatly impacts network performance, and false alarms from the IDS module cause considerable trouble. Especially on gigabit high-speed networks, performance is the major bottleneck of IPS systems.

Based on current research work on security, this thesis extends the current concept of the IPS and presents a distributed IPS for high-speed networks. Unlike a traditional IPS, it is more than a firewall integrated with an IDS: the system also integrates a host-based intrusion prevention module and content filtering. The distributed architecture ensures processing capability on high-speed networks. Host-based intrusion prevention, as a supplement to network-based IPS, provides better prevention. Content filtering filters protocols such as SMTP and efficiently blocks virus mail and spam.

The thesis introduces the architecture of this distributed IPS for high-speed networks and presents implementation details and related techniques. Integration of specially designed hardware and general operating system software provides maximum scalability and interoperability without impacting network performance. By means of intrusion classification and global intrusion detection, the system solves false alarms, one of the major problems of IPS systems, to some extent.

Finally, the thesis analyzes the performance of a reference implementation, and presents a summary of the distributed IPS and suggestions for future work.
Keywords/Search Tags: Intrusion Prevention System, High-speed networks, Distributed system, Host-based intrusion prevention, Content filtering