
The Design And Implementation Of A Distributed Network Intrusion Prevention System

Posted on: 2008-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: G Wang
Full Text: PDF
GTID: 2178360245991792
Subject: Computer application technology
Abstract/Summary:
As distributed, cooperative attacks emerge, the losses they cause grow while the attacks themselves become harder to detect. These are the new challenges of network security. Traditional network security techniques include firewalls, intrusion detection and access control, but each has shortcomings, so it is difficult to rely on a single technique to secure a network against the full variety of attacks. A comprehensive network security defense system is therefore needed, one that integrates the different techniques so that their strengths complement one another and they can respond cooperatively.

This thesis aims to construct such a comprehensive network security defense system. Starting from an analysis of firewall and intrusion detection technology, it discusses how an IDS and a firewall can interact. After examining general network security models such as P2DR and PDRR, it derives a comprehensive network intrusion defense model, and on that basis designs and implements a distributed intrusion prevention system, producing a dynamic network defense system.

The system is built on a multilevel distributed architecture and consists of network sensors, host sensors, a policy management center, a console and a response module. A network sensor is deployed in each protected subnet and a host sensor on each protected computer; each is responsible for its own subnet or host. The control server follows a centralized control pattern: it receives the alert messages from every sensor and controls the sensors.

The policy management center analyzes the alert messages from all sensors together, generates linkage rules according to the alert level, and adds those rules to the relevant firewall through the response module. The system thus integrates intrusion detection with firewall technology, host-based with network-based detection, and misuse detection with anomaly detection, while defining universal interfaces for information exchange between modules, which gives it good interoperability and extensibility. Experiments show that the system can effectively detect network and host attacks and respond in real time. The distributed architecture enables it to detect complex attacks that a single IDS cannot.
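The linkage mechanism described above (sensors report alerts, the policy management center correlates them and derives an alert level, and the response module turns that level into a firewall rule) is sketched below as an added example. This is not code from the thesis; the Alert and LinkageRule types, the severity scale, the thresholds LEVEL_WATCH and LEVEL_BLOCK, the bonuses for multi-sensor and host-plus-network confirmation, and the use of iptables as the target firewall are all assumptions made for illustration. The sample alerts are constructed. It also shows the check a practitioner would add: sensor-reported addresses are untrusted input and must be validated before they are turned into a firewall command, which is built as an argv list rather than a shell string.

```python
"""Policy management center for a distributed IPS (added example, not the thesis's code):
correlate alerts from several sensors, derive an alert level, emit firewall linkage rules."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    sensor: str      # sensor that raised it, e.g. "net-a" (network) or "host-db01" (host)
    kind: str        # "network" or "host"
    src_ip: str      # attacker address as reported by the sensor (untrusted input)
    signature: str   # detection that fired
    severity: int    # per-alert severity on an assumed 1..5 scale


@dataclass
class SourceSummary:
    score: int = 0
    sensors: set = field(default_factory=set)
    kinds: set = field(default_factory=set)
    signatures: set = field(default_factory=set)


@dataclass(frozen=True)
class LinkageRule:
    src: str
    action: str      # "DROP" (block) or "LOG" (watch)
    level: int
    reason: str


# Assumed thresholds and bonuses; the thesis does not publish its alert-level scale.
LEVEL_WATCH = 4
LEVEL_BLOCK = 8
DISTRIBUTED_BONUS = 2   # same source reported by more than one sensor
HOST_NET_BONUS = 2      # confirmed by both host-based and network-based detection


def validate(alert):
    """Reject malformed alerts before they can influence any firewall rule."""
    try:
        ipaddress.ip_address(alert.src_ip)
    except ValueError:
        return False
    return alert.kind in ("network", "host") and 1 <= alert.severity <= 5


def correlate(alerts):
    """Group alerts by source address across all sensors (the cross-sensor view
    that a single IDS does not have)."""
    by_src = defaultdict(SourceSummary)
    for a in alerts:
        s = by_src[a.src_ip]
        s.score += a.severity
        s.sensors.add(a.sensor)
        s.kinds.add(a.kind)
        s.signatures.add(a.signature)
    return by_src


def alert_level(summary):
    """Summed severity, raised when several sensors or both sensor kinds agree."""
    level = summary.score
    if len(summary.sensors) > 1:
        level += DISTRIBUTED_BONUS
    if {"network", "host"} <= summary.kinds:
        level += HOST_NET_BONUS
    return level


def generate_linkage_rules(alerts):
    """Return {src_ip: LinkageRule} for every source whose level reaches a threshold."""
    valid = [a for a in alerts if validate(a)]
    rules = {}
    for src, summary in correlate(valid).items():
        level = alert_level(summary)
        reason = ",".join(sorted(summary.signatures))
        if level >= LEVEL_BLOCK:
            rules[src] = LinkageRule(src, "DROP", level, reason)
        elif level >= LEVEL_WATCH:
            rules[src] = LinkageRule(src, "LOG", level, reason)
    return rules


def to_iptables(rule):
    """Response module: render a rule as an argv list for iptables (assumed firewall).
    An argv list, never a shell string, so a hostile src_ip cannot inject commands."""
    argv = ["iptables", "-I", "FORWARD", "-s", rule.src, "-j", rule.action]
    if rule.action == "LOG":
        argv += ["--log-prefix", "IPS-watch "]
    return argv


# Constructed sample: one source seen by two network sensors and one host sensor,
# two sources seen by a single sensor, and one malformed alert.
SAMPLE_ALERTS = [
    Alert("net-a", "network", "203.0.113.7", "portscan", 3),
    Alert("net-b", "network", "203.0.113.7", "portscan", 3),
    Alert("host-db01", "host", "203.0.113.7", "ssh-bruteforce", 3),
    Alert("net-a", "network", "198.51.100.5", "portscan", 3),
    Alert("net-a", "network", "192.0.2.9", "sql-injection", 5),
    Alert("net-b", "network", "10.0.0.1; rm -rf /", "portscan", 5),
]

if __name__ == "__main__":
    for rule in generate_linkage_rules(SAMPLE_ALERTS).values():
        print(rule.level, rule.reason, " ".join(to_iptables(rule)))
```

Running it, 203.0.113.7 reaches level 13 (three alerts of severity 3, plus both bonuses) and gets a DROP rule even though no single sensor saw more than a low-severity event, which is the point of correlating at the center; 192.0.2.9 is only logged, 198.51.100.5 stays below the watch threshold, and the malformed address is discarded before it reaches the response module.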
Keywords/Search Tags: Network security, Intrusion prevention, Firewall, Linkage