Research And Design Of Security Defense Architecture Based On Firewall And Intrusion Detection

Posted on: 2006-07-28
Degree: Master
Type: Thesis
Country: China
Candidate: S M Yin
Full Text: PDF
GTID: 2178360182968983
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of computer network and communication technology, the Internet, the typical open network, has grown dramatically in scale, with more and more information application systems connected to it. How to ensure information security and maintain the normal operation of integrated information systems has become a prominent problem, and network security has become a research hot spot and a focus of public attention. Traditionally, the problem has been addressed with a single improved or optimized security method, or with a loose combination of such methods. Given that attackers have mastered more and more knowledge, the traditional approach cannot solve the problem in a complicated network environment. Network information security can be effectively improved only by developing an all-around security defense system built from diversified but harmoniously integrated security methods. This thesis carries out research on this theme in four parts, as follows:

The first part analyzes the present state of network security based on authoritative national and international computer security surveys. It then discusses information security from the physical and logical aspects respectively, and concludes that network security is the main problem of information security. Finally, the main intrusion methods and security compromises targeting information systems are discussed.

The second part discusses in detail the key technical theory behind common security measures. For firewalls, packet filtering, proxy and NAT technology are studied in depth, with particular attention to how a proxy server is implemented, and the different firewall architectures are analyzed in detail. For intrusion detection, a variety of detection methods, based on anomaly detection and misuse detection respectively, are studied in depth, and the characteristics of the two kinds of detection technology are analyzed. Finally, an Internet security protocol, IPSec, which targets the integrity, confidentiality and non-repudiation of data as well as authentication, is studied systematically.

The third part analyzes in detail how the functions of the firewall and the intrusion detection system complement each other in security protection. It then innovatively proposes a complementary function theory model (CFTM) based on firewall and intrusion detection. Taking advantage of the screened subnet firewall architecture, it constructs an all-around security defense system, based on the CFTM, with integrated security methods.

The fourth part studies in depth sequence alignment algorithms, which are widely used in bioinformatics. Then, according to the characteristics of masquerade intrusion, a novel masquerade intrusion detection algorithm, the S-M algorithm, is proposed. Finally, experiments are carried out on the data supplied by Matt Schonlau, the de facto standard corpus in the field of masquerade detection, to validate the effectiveness of the algorithm. The experimental results show that the S-M algorithm has low false negative and low false positive rates.
Keywords/Search Tags:network security, firewall, intrusion detection, security defense architecture, masquerade intrusion, S-M algorithm