| Since information security problem has become the biggest threat to the continuity of service application, Network intrusion prevention system is going to be applied more and more widely in domestic informatization application as it is a real-time defense system with low complexity of security management. However, the detection accuracy of the system is greatly affected by the evasion scheme. Summarizing existing evasion methods and designing anti-evasion models with pertinence based on practice are key research topics of this Thesis.Based on analysis of attack-defense contradiction of the evasion methods, the key problems in design of active intrusion prevention system are tackled through epurating the demand and standardizing the process procedure, resulting in a breakthrough in these key techniques.Compared with research results at home and abroad, this thesis made breakthroughs in several aspects:1. a normalized processing mode of message is proposed and unified triggering conditions of intrusion prevention model are designed; 2. instead of single feature matching, protocol identification and feature matching are combined in order to improve the problem of false alarm; 3. base on two most common methods:forwarding and blocking, flow restriction is proposed as a third choice. |
PDF Full Text Request