A Study on Firewall and IDS Linkage Algorithm

Posted on: 2011-04-26
Degree: Master
Type: Thesis
Country: China
Candidate: H P Fang
GTID: 2198330338479129
Subject: Communication and Information System
Abstract/Summary:
Firewalls and intrusion detection systems (IDS) are common security technologies that are widely used in networks. In an ever-changing network environment, security products working alone cannot meet the demand. Drawing on research into linkage technology and linkage systems, we study the working process of the firewall and the IDS. To address the existing deficiencies of linkage system technology and algorithms, we propose a new algorithm and improve the original algorithm. The main work of this thesis is:

(1) We analyze the capabilities, principles, and commonly used methods of the firewall and the IDS, analyze their respective advantages and shortcomings, and establish the need for linkage.

(2) We propose a linkage model for the firewall and IDS, describe the role of each module, and implement socket-based communication. We analyze the structure and working process of a Snort-based IDS and a Netfilter/Iptables-based firewall, and implement a packet capture module based on Libpcap and the setting of packet-filtering firewall rules.

(3) We analyze the performance parameters of the IDS and calculate the linkage loss of the linkage system as the basis for selecting an appropriate response strategy. We analyze the workflow of the linkage system and design the pre-analysis component, the analysis component, the strategy selection module, and so on. We define the system communication format, focusing on the analysis of the strategy process.

(4) Based on the performance and alarm accuracy of the IDS, we analyze the linkage loss caused by the deficiencies of the IDS, then improve the IDS alarm similarity algorithm. The algorithm calculates the similarity of alarm information based on source and destination address, port, and time of attack.

(5) Following the principles of dynamic firewall rule management, we put forward an algorithm for maintaining and updating dynamic rules. The algorithm fully considers the various factors that affect an actual attack. From the harm level of the specific attack and the degree of system restoration, it calculates from the specific data the degree of importance of the dynamic rules. On that basis, the system updates the dynamic rules automatically.
Keywords/Search Tags:firewall, IDS, linkage technology, invasion similarity algorithm, rules update algorithm