| This article describes the design and implementation of Intelligent Intrusion Detection & Prevention System (IIDPS). It is easy to filter some simple intrusive data-packet for firewall system,But it is difficult to detect complex intrusion for firewall system. My aim is to try to design a system based on IDS and firewall that can detect and prevent intrusion. For the access control of firewall is a mechanism of simple packet filter, it can't detect intrusion. For most linkages of IDS listen to the network data stream by the way of pass-by, it limits the ability of intrusion prevention. For the limitation of IDS and firewall, it was put forward to prevent intrusion effectively that make the IDS and firewall combined. The new system is made of two parts , one is to filter data-packets,another is to detect intrusion actions with intelligence. Both parts run in parallel and independently. I select the frame of netfilter,which was implemented on IPv4 protocols in Linux 2.4 OS,as the base of packet-filter in new system. I select Snort system,which is a IDS of open source code,as the base of intrusion detection in new system. The IIDPS system has some advantages: 1) based on intelligent detection algorithm. 2) has general intrusion detection. 3) Integrated misuse detection and anomaly detection to improve the accuracy of intrusion detection. 4) Use technology of multi-thread to enhance system efficiency. |
PDF Full Text Request