Research On The Application Of SMS Technology In Response Unit Of Intrusion Detection System

Posted on: 2006-05-15
Degree: Master
Type: Thesis
Country: China
Candidate: J W Han
GTID: 2168360155953011
Subject: Software engineering
Abstract/Summary:
The rapid development of the Internet has made high-speed information sharing around the globe convenient, but it has also posed a great challenge for Internet-related information security. Information security has become one of the most crucial factors in information management systems, and the P2DR model came into being as a result. P2DR raises the issue of integrating policy, protection, detection, response and restoration, which effectively enhances information security. According to the P2DR model, minimizing the system's exposure time (Et) is an important measure for improving system security. Unfortunately, because of the complexity and uncertainty of Internet hacking, existing security systems are still very weak in some areas: they respond slowly to intrusions, fail to respond, or over-respond. To address this problem, this article discusses a practical solution: transplanting the safe and fast SMS technology of the mobile phone into the response unit of the intrusion detection system to achieve high-speed manual response, making high-speed manual response a necessary and helpful supplement to automated response.

This article is logically divided into five parts and focuses on the application of mobile phone short message technology to intrusion detection systems.

The first part discusses the background, development and current issues of Internet security and intrusion detection systems, and analyses the progress and achievements of research in this area worldwide. From an analysis of the P2DR model, the article proposes applying the safe and fast SMS technology to the action response unit of the intrusion detection system. Such a high-speed manual response method should solve the current problems of intrusion detection systems that result from failure to respond, mis-response or over-response during automated response. Successful adoption of this technology will ensure system security and minimize the loss due to system insecurity.

The second part first studies the system structure and standard tasks of intrusion detection systems. Following the commonly used model for intrusion detection systems, it groups together the event generator, event analyzer, response unit and data storage. The components communicate with each other in a standard data format, so that they can share information and interact better. Information is then sorted and compared across different detection systems, and a detailed, in-depth study is made of the intrusion response process. Furthermore, this part introduces SMS technology, the fastest and most convenient, together with the application and environment of SGIP. Finally, it strongly suggests using SMS technology in the action response unit of the intrusion detection system to obtain high-speed manual response, which will prove to be a new method of enhancing the detection system's ability to respond.

The third chapter, through a study of using SMS technology in the logic unit of the intrusion detection system's response unit, offers a cost-based intrusion detection and response system model that combines automated response with high-speed manual response: ARMIRS (Automated and Rapid Manual Intrusion Response System). The model is mainly composed of a response cost estimate module, an SMS agent, a response module and response agents. It adopts a method of analysis based on response cost, which estimates the damage cost and the response cost and enables the system to respond to ordinary hacking incidents. When the system detects a very serious intrusion, or when a more aggressive response is needed, such as tracing the hacker or even attacking the hacker, the system sends an alarm to the security manager through the short message agent and allows the security manager to initiate high-speed manual response by short message. This effectively minimizes the system's exposure time during an intrusion and may also avoid the loss due to response failure, mis-response or over-response.
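As an added illustration (not code from the thesis), the following Python example shows the routing the third chapter describes: ordinary incidents get an automated response chosen by cost, while serious incidents or aggressive responses go to the security manager by short message, and the manager's reply selects the response. The cost scale, the "serious" threshold, the response names, the phone number, the message and reply formats, and the rule that a response is only taken when its cost does not exceed the damage cost are all assumptions, since the abstract does not specify them.

```python
from dataclasses import dataclass

# Assumed values: the abstract gives no cost scale, threshold or action names.
AGGRESSIVE = {"trace_source", "counter_attack"}  # need a human decision
SERIOUS_DAMAGE = 80                              # "very serious" cutoff, 0-100 scale
MANAGERS = {"+8613800000000"}                    # constructed manager number

@dataclass
class Alert:
    alert_id: int
    signature: str
    damage_cost: int   # estimated damage cost
    responses: dict    # response name -> estimated response cost

def decide(alert):
    """Return (route, payload): route is 'log', 'auto' or 'sms'."""
    # Drop responses that cost more than the damage they prevent (over-response).
    worth = {n: c for n, c in alert.responses.items() if c <= alert.damage_cost}
    if not worth:
        return "log", None
    routine = {n: c for n, c in worth.items() if n not in AGGRESSIVE}
    if alert.damage_cost >= SERIOUS_DAMAGE or not routine:
        return "sms", build_sms(alert, sorted(worth, key=worth.get))
    return "auto", min(routine, key=routine.get)  # cheapest routine response

def build_sms(alert, options):
    """One short message: alert summary plus numbered response options."""
    menu = " ".join(f"{i}={name}" for i, name in enumerate(options, 1))
    text = f"IDS#{alert.alert_id} {alert.signature} dmg={alert.damage_cost} reply: {menu}"
    return text[:160], options  # 160 characters fits a single GSM 7-bit SMS

def handle_reply(sender, body, alert_id, options):
    """Map the manager's reply 'ID CHOICE' to a response name, or None."""
    if sender not in MANAGERS:
        return None                      # ignore replies from unknown numbers
    parts = body.split()
    if len(parts) != 2 or not all(p.isdecimal() for p in parts):
        return None                      # malformed reply: take no action
    if int(parts[0]) != alert_id or not 1 <= int(parts[1]) <= len(options):
        return None                      # wrong alert or choice out of range
    return options[int(parts[1]) - 1]
```

Matching the sender number is only a first filter here; the abstract does not say how the thesis authenticates the security manager's messages.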
Keywords/Search Tags: Intrusion Detection, Intrusion Response, Cost Estimate, IDS, SGIP