
Research And Design Of Integrated Network Security Equipment

Posted on: 2011-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: Q Yang
GTID: 2178360308482477
Subject: Signal and Information Processing
Abstract/Summary:
Network security products are now widely available, but most of them serve only a specific field and cannot fully communicate with each other, so they are unable to guarantee a comprehensive security environment against novel and varied attacks. Integrated network security equipment, which unifies several important security technologies, has emerged to meet this need.

Integrated network security equipment has three main function modules: traffic statistics, intrusion detection and border access control. However, these modules are relatively independent and share little with each other, which makes it hard to respond to attacks immediately. First, current research on security technology integration is introduced, and the background on firewalls, intrusion detection and fuzzy comprehensive evaluation is explained in full. A firewall can block attacks immediately, intrusion detection can inspect attack behavior in real time, and fuzzy comprehensive evaluation can simulate human reasoning to judge malicious behavior. Effectively combining these technologies would be a desirable way to prevent and detect network attacks.

Second, the structure of the integrated network security equipment is analyzed in detail. It has two independent working parts, a management unit and a protection unit. Its reliable hardware and high performance facilitate wide application. In addition, the equipment works in transparent bridge mode, so it is easy to deploy and handle. This part outlines the general design and also explains the detailed implementation of each part.

Third, an attack response scheme based on fuzzy comprehensive evaluation is proposed. When intrusion detection finds suspicious behavior, the related information is sent to the fuzzy comprehensive evaluation system for analysis and evaluation. If the result indicates that the danger level is high, the connection should be cut off immediately by border access control.

Finally, an experiment based on the scheme is implemented. When the management system receives an alert event produced by intrusion detection from the protection system, it extracts the latest alert time, the number of related alerts, the priority and the address of the interior computer. It then determines the single-factor evaluation for each factor according to the contents of the defined evaluation set and composes the evaluation matrix. Next, it calculates the fuzzy comprehensive evaluation set and chooses the result that corresponds to the maximum value as the final outcome for the alert behavior. If this indicates that the danger level is high or relatively high, the border access control strategy is executed to cut off the connection.

Comparing the alert statistics with those collected earlier shows that the number of alert events decreased greatly while daily network activities all remained normal. The final conclusion is that the scheme is feasible: equipment using it can deal with alert events automatically, respond to attacks immediately and provide effective security protection.
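The response procedure described in the abstract, sketched as an added example (not code from the thesis). The two lower grade names, the factor weights, the triangular membership functions, the priority scale (1 = most severe), the list of critical hosts and the weighted-average operator are all assumptions, since the abstract does not give them.

```python
from datetime import datetime, timedelta

# Evaluation set V. The abstract names only "high" and "relatively high";
# the two lower grades are assumed.
GRADES = ("low", "relatively low", "relatively high", "high")
# Factor weights W (assumed values; they must sum to 1).
WEIGHTS = {"recency": 0.2, "related": 0.3, "priority": 0.4, "asset": 0.1}
CRITICAL_HOSTS = {"192.0.2.10"}  # constructed list of sensitive interior hosts


def grade_vector(score):
    """Map a score in [0, 1] to memberships over GRADES using triangular
    functions centred at 0, 1/3, 2/3 and 1 (assumed membership shape)."""
    score = min(max(score, 0.0), 1.0)  # clamp stale or very noisy alerts
    centres = (0.0, 1 / 3, 2 / 3, 1.0)
    return [max(0.0, 1 - 3 * abs(score - c)) for c in centres]


def evaluate(alert, now):
    """Return (B, grade, block) for one alert built from the four factors."""
    age = (now - alert["last_seen"]).total_seconds()
    scores = {  # assumed scoring of each extracted factor
        "recency": 1 - age / 3600,                 # alerts age out over 1 hour
        "related": alert["related_count"] / 20,    # saturates at 20 alerts
        "priority": (3 - alert["priority"]) / 2,   # 1 = most severe, 3 = least
        "asset": 1.0 if alert["interior_ip"] in CRITICAL_HOSTS else 0.3,
    }
    # Evaluation matrix R: one single-factor evaluation row per factor.
    R = {f: grade_vector(s) for f, s in scores.items()}
    # Fuzzy comprehensive evaluation set B = W o R (weighted average, assumed).
    B = [sum(WEIGHTS[f] * R[f][j] for f in WEIGHTS) for j in range(len(GRADES))]
    # Maximum-membership principle: the grade with the largest value wins.
    grade = GRADES[max(range(len(B)), key=B.__getitem__)]
    return B, grade, grade in ("relatively high", "high")


NOW = datetime(2011, 7, 27, 12, 0, 0)  # constructed reference time
SAMPLE_ALERTS = [  # constructed alert events, not data from the thesis
    {"last_seen": NOW - timedelta(minutes=5), "related_count": 18,
     "priority": 1, "interior_ip": "192.0.2.10"},
    {"last_seen": NOW - timedelta(minutes=50), "related_count": 2,
     "priority": 3, "interior_ip": "192.0.2.77"},
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        B, grade, block = evaluate(a, NOW)
        print(a["interior_ip"], [round(b, 2) for b in B], grade,
              "cut off connection" if block else "no action")
```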
Keywords/Search Tags:Integrated Security Protection Equipment, Traffic Statistics, Intrusion Detection, Border Access Control, Fuzzy Comprehensive Evaluation