Research And Design On IPS Model

Posted on: 2009-12-15 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Liu | Full Text: PDF
GTID: 2178360272480487 | Subject: Computer application technology
Abstract/Summary:
An intrusion prevention system (IPS) is a proactive, active system for preventing intrusions. An IPS integrates the protection function of a firewall with the network packet inspection of an intrusion detection system: it can not only detect an intrusion as it occurs, but also terminate the intrusion and stop its further development through a response, protecting the information system from malicious attack. This thesis begins by examining the working principle, the advantages and disadvantages, and the existing technical barriers of intrusion prevention systems. It then analyses the problems of an IPS with a single-sensor structure: such an IPS often cannot cope with attacks that are scattered in time and space, and can even lead to performance bottlenecks and new denial-of-service attacks; furthermore, it can prevent known attacks but often misses unknown ones. The thesis therefore applies the theory of multi-sensor data fusion and data mining, and proposes a multi-layer IPS model based on the principle of "detection and prevention, deep analysis". The model uses multiple sensors and an object-oriented data fusion algorithm to remove redundant data on the basis of event classification, analyses intrusion behaviour in depth in the fusion center, and then generates new intrusion patterns for unknown attacks through data mining. Through distributed detection, hierarchical protection and deep analysis, the model improves the efficiency and performance of intrusion defense. Finally, the thesis builds a simple IPS prototype on the basis of the theoretical research and demonstrates, through simulation results, the feasibility and effectiveness of the model for intrusion detection and prevention: compared with a traditional single-sensor IPS, it significantly reduces false positives and missed detections.
Keywords/Search Tags: Intrusion Prevention System, Association Rules, Data Fusion, Apriori Algorithm, Data Mining