
Study On The Intrusion Prevention System

Posted on: 2008-07-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Pan
Full Text: PDF
GTID: 2178360218452850
Subject: Computer application technology

Abstract/Summary:
With the development of computer and network technology, network security problems have become increasingly prominent, and many security technologies and systems have been invented in response. The Intrusion Detection System (IDS) and the firewall are the two main network security systems among them, and both are mature. However, because of their inherent defects, they cannot fully solve serious security problems, so new mechanisms are needed to compensate for their shortcomings.

Based on this notion, the Intrusion Prevention System (IPS) appeared. It is a proactive intrusion prevention system, introduced as a new security defense tool in recent years. Once it detects an attack attempt, it drops the attack packets or blocks the attack's source address, so that the information system is not harmed. At present, few people in domestic universities do theoretical research on IPS.

First, network security technologies are introduced, and the principles and characteristics of the Intrusion Detection System and the firewall are discussed. Then the paper systematically studies the basic theory of IPS and compares IPS, IDS and the firewall. The principle, categories, system architecture, access control policies, detection technologies and flaws of IPS are also analyzed. The paper then proposes a defense-in-depth network security model and applies data mining technologies to analyze the packets collected from the intrusion prevention system. The key component of the model is a Global Policy Server that manages the scattered prevention systems, each of which is managed by a Local Policy Server. The functions of each part of the model are explained. The results demonstrate that the proposed model performs very well in terms of attack detection rate and false alarm rate. Finally, a summary is given and future research directions are pointed out.
Keywords/Search Tags: network security, Intrusion Detection, Firewall, Intrusion Protection, Global Policy Server, data mining, detection rate, false alarm rate