| With the development of network and information, security problems become more important. As the frequency of network security incidents, and not only are these attacks becoming more numerous, they are also becoming more sophisticated, incident response has been focused on. With a large number of network attacks, the automated intrusion response system can take timely countermeasures to stop attacks and reduce the loss of system.This paper proposes intrusion response taxonomy firstly. To make an adopted response, we must deeply research intrusion incident, we can take one or more reasonable action to response the intrusion. This paper attached character of it, and proposes a new intrusion response taxonomy base on the front work. This taxonomy is the basis of paper that provides an extensive foundation theory.Based on the deficiency of current intrusion detection product on the part of response, the system deeply analyzed and discussed the character and deficiency of the current product, and designed and implemented and intrusion system and thorough research to the intrusion response technology, emphasized the correlation questions of system had adopted the Linux operation system platform and used C programming language to do the development work. Through design the sub system of the database, analyzing protocol, log and response system, the system accomplished a function integrated intrusion detection and response system. The system could convenient packets query and analysis, add a new rule and could execute active response mechanism to the intrusion incidents, and achieved the target of response to variety level and form of detected intrusion accident. |
PDF Full Text Request