
Rapid Response System Prototype Design And Realization

Posted on: 2004-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: X C Luo
GTID: 2208360095460156
Subject: Computer application technology
Abstract/Summary:
Attack techniques are becoming more and more sophisticated, and automatic, distributed attacks are becoming more and more frequent. These attacks seriously affect network security. The topic of this thesis is research on a Fast Response System (FRS). The research aims to construct an FRS architecture for detecting intrusions, tracing attack sources, correlating alerts, evaluating attack damage, describing attacks, and responding to attacks automatically.

Three related projects, Cooperative Intrusion Traceback and Response Architecture (CITRA), Automatic Intrusion Detection Environment, and Adaptive, Agent-based, Intrusion Response System (AAIRS), are analyzed. Then, according to the requirements of the FRS, new techniques such as attack source trace back, alert analysis and automatic response to attacks are addressed and implemented. Finally, in order to test and evaluate the FRS, an attack-defense experiment is carried out, and the FRS is optimized in light of the experimental results.

The achievements of this research include the design and implementation of an FRS prototype. In the design of the prototype, the architecture and program structure are analyzed and designed. The architecture of the FRS is characterized by integrating existing network security techniques with some new functions. In the implementation of the FRS, security domain-based attack source trace back, which is the foundation of the FRS, is researched and developed; this is also the key work of the research. Another achievement is the integration of attack categorization, alert correlation and damage evaluation to address attack analysis. Based on the results of attack analysis, automatic and effective responses can be taken during the course of an intrusion.
Keywords/Search Tags:Fast Response, Attack Source Trace Back, Alerts Correlation, Automatic Response, Network Security