Design And Implementation Of Intrusion Prevention System Based On Extended CW Model

Posted on: 2009-09-02
Degree: Master
Type: Thesis
Country: China
Candidate: X F Li
GTID: 2178360278480765
Subject: Military Equipment
Abstract/Summary:
Mainstream operating systems (OS) reveal new vulnerabilities every year, and more and more security bugs are being found in applications, threatening the security of host computers. Meanwhile, classic protection methods such as firewalls, intrusion detection systems (IDS) and anti-virus software cannot deal with new attacks because of the way they work. The intrusion prevention system (IPS) provides a new solution. This thesis studies in detail how to design and implement an IPS. Its main contents are as follows:

1. Based on an analysis of the security mechanisms of the Windows NT OS series and of representative attacks, we summarize a general attack process and point out that the design of an IPS should be based on an integrity security model.

2. By analyzing and comparing classic integrity security models, an extended CW security model is proposed to avoid the application problems of the Clark-Wilson (CW) security model and to meet the requirement of protecting hosts and networks effectively. It has the same integrity level as the CW security model but is more flexible. The architecture of an IPS based on the extended CW security model is designed; the IPS consists of a host subsystem and a network subsystem.

3. The host subsystem, based on the Windows NT OS series, and the network subsystem, based on a domestically developed high-performance content-filtering platform, are implemented according to the requirements of the IPS architecture. The host subsystem inspects system calls in the OS kernel and controls the behavior of the OS and applications according to the host rules. Together with the Integrity Verification Procedures, which validate the original integrity state of the OS according to the CDIs, the host subsystem can protect the integrity of the host computer against attacks. The network subsystem integrates intrusion prevention, URL filtering, anti-virus, anti-DoS and content filtering into a single device. It can filter attacks, viruses and sensitive information in network data, and is a good supplement to host security.

The IPS was tested, and the results show that it can prevent attacks effectively.
Keywords/Search Tags:extended CW model, IPS, host protection, network protection, integrity