The Architecture Design Of Intrusion Prevention System And The Research On Key Problems

Posted on: 2006-08-11 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Sun
GTID: 2178360182975216 | Subject: Computer system architecture
Abstract/Summary:
As computer and network technology becomes more widely used, network security problems are becoming increasingly prominent. The two main network security practices are the Intrusion Detection System (IDS) and the firewall. However, because of their own defects, they cannot solve serious network security problems completely. This paper first introduces and analyzes the principles and defects of the Intrusion Detection System and the firewall, and then analyzes the weaknesses, in terms of performance and dependability, of the interaction model that combines the Intrusion Detection System and the firewall to defend against network attacks. This paper designs the architecture of an Intrusion Prevention System (IPS), which combines the audit function and the defense function to meet particular defense requirements. The system optimizes the detection and analysis component for the special demands of the prevention task; this component is in charge of detecting intrusions and consists of an intrusion signature analysis module and a prevention policy creation module. The prevention policy execution component provides intensive defense through a particular execution engine. The Distributed Denial of Service (DDoS) attack is one of the most serious network threats and the one that is most difficult to defend against. Traditional Intrusion Detection System and firewall technologies cannot resist it effectively. Hence, how to create a usable measure in the Intrusion Prevention System that defends against DDoS attacks effectively and adaptably is recognized as the key problem. This paper systematically discusses the current status, features and forms of DDoS attacks and analyzes the flaws of current defense practices.
Based on behavior characteristic differentiation, this paper presents a defense theory that uses different measures to defend against DDoS attacks with different behavior patterns, and creates a three-phase defense model based on the state-control mechanism and phase-defending policy. This paper implements the main parts and key modules of the DDoS defense model and proves the availability and stability of the model.
Keywords/Search Tags: Intrusion Detection, Firewall, Intrusion Prevention, Distributed Denial of Service, Behavior Characteristic Differentiation, State-control Mechanism, Phase-defending Policy