The Research Of Adaptive Firewall And Intrusion Detection Technology Based On Netfilter In Linux

Posted on: 2012-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Wang
Full Text: PDF
GTID: 2178330338997473
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of network technology, network attack methods are becoming more complex, and firewalls, intrusion detection systems, antivirus software and other security technologies and products have grown significantly in number. Although these products are able to protect information, they are highly specialized and each can only be applied to certain aspects of network security. The defining feature of an intrusion detection system is that it can discover intrusions and block access; its focus is on detecting intrusive behavior. The firewall inspects all data packets passing through it and intercepts packets that do not meet the security rules. Nevertheless, firewall rules are static and cannot respond dynamically to changes in intrusive behavior. Clearly, no single security technology or product can cope with increasingly complex attack tools and techniques. There is an urgent need for a variety of security technologies to work together to protect the security of the system.

Firewalls and intrusion detection systems are the two key technologies that guarantee network security. The firewall is static and therefore lacks flexible filtering strategies against volatile network attacks, while the intrusion detection system is dynamic but lacks effective measures and preventive capabilities against some complicated attacks. Each suffers from potential security problems because it cannot overcome its own limitations. The features and limitations of firewalls and intrusion detection systems determine that they depend on each other and that neither can replace the other: the firewall focuses on control and the intrusion detection system focuses on detecting intrusions, so the two complement each other's protection.

From the perspective of information security as a whole, combining the two can greatly improve the protection offered by a network security system. An intrusion prevention system based on a firewall and intrusion detection not only reflects the trend of firewall technology development, but also realizes defense in depth for network security. It enables the protection system to move from static to dynamic, improves the firewall's mobility and real-time response capability, and enhances the blocking function of the intrusion detection system. Therefore, the joint prevention and control of firewalls and intrusion detection systems has become a new research topic in the field of network security at home and abroad.

This thesis first studies and analyzes in depth the TCP/IP protocol architecture, the architectural principles of the Netfilter firewall, network sniffer programs and port-scan detection techniques. Building on an understanding of distributed firewall technology and on an in-depth study of intrusion detection systems and proactive defense systems, it proposes a relatively secure firewall architecture model. Experimental results show that the firewall architecture model combining the firewall, the intrusion detection system and the proactive defense system achieves better performance.
Keywords/Search Tags: Netfilter, Linux, Adaptive Firewall, Intrusion Detection