Research And Implementation Of Interaction Response Strategy With Firewall And Intrusion Detection System

Posted on: 2009-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: L Wang
GTID: 2178360245486359
Subject: Computer application technology
Abstract/Summary:
Firewalls and intrusion detection systems (IDS) are currently the two most widely applied network security techniques, representing the static and the dynamic technique of traditional network security respectively. How to integrate the two and combine them into an interacting security system has become a new direction in the development of network security. The interaction technique was therefore proposed and has become a focus of research at home and abroad.

However, current interaction techniques have some problems, such as low utilization of resources and a high false negative rate. These problems have become an obstacle to the further development of the interaction technique.

This paper focuses on the interaction technique of firewall and IDS and puts forward an optimization algorithm for the interaction response strategy. It adopts an interaction module to transmit information between the firewall module and the IDS module. The interaction module, which is the core of the whole system, analyzes and processes alerts, formulates and adjusts the relevant security strategy, and then issues a response command. The system obtains the performance parameters of the IDS by analyzing the performance of the intrusion detection module, and analyzes the response loss. According to the results, the system chooses the best response strategy to achieve the safest goal, so that it can increase the accuracy of alerts, reduce the false negative rate and reduce the communication traffic between the security components. This resolves some problems existing in firewall and IDS techniques, such as low utilization of resources, low data transmission speed, and high false negative and false positive rates.

The interaction system with firewall and IDS has been implemented in this paper. The firewall module adopts the Netfilter firewall framework of Linux 2.4, and the intrusion detection module adopts a distributed intrusion detection system.

The interaction module consists of three main components: analysis, response strategy and data exchange. When an intrusion happens, the intrusion detection module of the system produces alert information, and the interaction module analyzes the parameters and formulates a response strategy. The firewall then takes the corresponding measures. This achieves a complete security structure that combines static and dynamic techniques. Finally, the author carried out an experiment to analyze the performance of the system by testing. The experimental results indicate that the system can produce automatic responses to different attacks with a high success rate. Moreover, the system has a certain ability of self-adaptation.
Keywords/Search Tags: Firewall, Intrusion detection, Response strategy