| Face to the current dynamic system and dynamic environment, it is need for dynamic security models, methods, technologies and solutions to meet the current issue of network security. Intrusion detection and Firewall technology are important component of dynamic network security. Interactive technology between intrusion system and firewall, which is researched in this paper, can achieve dynamic network security and protection, so it has great meaning.According to security interactive system decision-making process, an interactive system between intrusion system and firewall, which called IFS, is designed in this paper. IFS are made of intrusion subsystems, firewall subsystems, interactive control subsystem. It introduces the performance analysis and cost analysis of IDS to optimize system response decision-making process. The main content of this paper is:1) According to security interactive system decision-making process, this paper introduces an interactive framework between intrusion system and firewall—the IFS. IFS based on the analysis of IDS performance and the loss of auto response. It optimized decision-making process, which avoids the disadvantage of "at all costs" to achieve maximum security with minimum price.2) Bring into effect an instance of IFS framework by three subsystems. Intrusion detection subsystem is hign efficient and has well anti-attack ability, based on two-layer distributed structure. IDS subsystem uses autonomous detection nodes to accomplish distributed detection, and uses SSL protocol to guarantee the communication security of inter-subsystem. Firewall subsystem bases on Netfilterof Linux, and run to structure clarity, less developed cost, flexible configure, powerful function and high security. Interactive control subsystem has fully considered some problems including performance of IDS subsystem, standardization of IDS warning information, optimization of decision-making process, safety of IFS, and so on. It standards the data alternant style, has well expansibility and security, and can make auto response to intrusion of IDS subsystem's detection worked to system's configuration. In the data organizationaspect, IFS achieves highly openness and extensibility, through using XML and IDMEF. Any security equipment, which adopts IDMEF format can interacts or integrates with IFS.3) Analyzing the performance of IFS through testing. Experimental results show that, the IDS subsystem has high diction rate, and the firewall subsystem has powerful function.IFS can response to attacks automatically, and has certain adaptability, someets the design goal. |
PDF Full Text Request