
Research And Design Of Network Intrusion Prevention System Based On Snort

Posted on: 2011-11-14
Degree: Master
Type: Thesis
Country: China
Candidate: H Hu
GTID: 2178360308977206
Subject: Computer software and theory
Abstract/Summary:
With the wide application and development of networks, network security has become a matter of broad concern. The network environment grows ever more complicated and new attack methods keep emerging, so a single security technology can no longer guarantee the security of network information. An Intrusion Prevention System (IPS) is an active, proactive intrusion defense and embedded blocking system. Intrusion prevention is a newer information security technology intended to make up for the deficiencies of firewalls and intrusion detection systems in the network security field. Because of its academic and practical value, it has become a popular research topic in network information security in recent years. First, this paper briefly introduces the basics of network intrusion prevention systems and studies and analyzes related technologies used in network security solutions, such as firewalls, vulnerability scanning, intrusion detection and honeypots. Second, we propose a method that combines high-speed data acquisition with distributed processing to address the performance bottleneck of IPS in high-speed network environments. We then study DDoS, the most damaging of current network attacks, and give an improved and optimized algorithm for handling DDoS attacks, which reduces the system's missed reports in the presence of IP address spoofing and improves the efficiency of defense against DDoS attacks. After studying and analyzing the various security technologies, and in view of the shortcomings of current security solutions, we propose an integrated network intrusion prevention scheme that applies firewall, vulnerability scanning, honeypot and IPS technology together. The scheme runs on ordinary PC hardware under Linux and combines the free, open-source Snort detection system, firewall technology, the Netfilter/iptables framework, vulnerability scanning and honeypot technology to build a high-efficiency, low-false-alarm, low-missed-report, low-cost network intrusion prevention system based on Snort. Following this scheme, we design and implement each module of the NIPS in comparative detail, run a simple test and analyze the results. Finally, the paper summarizes the work done and proposes directions for further work.
Keywords/Search Tags:intrusion detection, network intrusion prevention system, DoS/DDoS, Snort, honeypot