
Linkage-type Intrusion Defense System Research And Design

Posted on: 2007-11-10
Degree: Master
Type: Thesis
Country: China
Candidate: W P Dou
Full Text: PDF
GTID: 2208360185984217
Subject: Computer system architecture
Abstract/Summary:
With the spread of network technology, network environments have become more complex and new attack methods keep appearing, so a single security technology can no longer meet the network security needs of an organization. The intrusion prevention system (IPS) is a newer information-security technology that makes up for the weaknesses of the firewall and the intrusion detection system (IDS). An IPS is an active intrusion defense system, introduced as a new security defense tool in recent years: when it detects an intrusion attempt it blocks the connection and drops the offending packets, so that the protected information system is not compromised. However, the detection algorithms of current IPS products are not effective enough, which leads to high false-positive and false-negative rates, and their single-sensor structure cannot detect coordinated attacks. As a result, a false positive makes the IPS block legitimate traffic (an effective denial of service), and in-line inspection becomes a performance bottleneck. To address these problems we develop a new intrusion prevention model.

A firewall can actively block attacks, and an IDS can inspect network traffic. An IPS implements tight interaction (linkage) between firewall and IDS, combining their strengths to provide more effective security protection. At the same time, vulnerability scanning and honeypot technology can detect unknown attacks and malicious behavior by attracting attacks from the Internet, which reduces both the false-positive and the false-negative rate. We study the strengths and weaknesses of conventional network security technologies and the direction in which network technology is developing, and on that basis propose a new security defense framework that integrates vulnerability scanning, honeypot technology and the main functions of a conventional IPS into one defense interface able to detect all kinds of attacks, especially unknown ones.

The new IPS can refresh its rule base according to the security policy and offers higher speed and detection accuracy, providing complete defense in depth for the network. In this thesis we first discuss the underlying network technology, analyze the advantages and disadvantages of firewalls and IDS, and examine the characteristics, operating principle, key problems and development trend of intrusion prevention systems. Then we analyze in detail several possible schemes of cooperative defense with intrusion...
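The linkage described above, in which IDS sensors and a honeypot feed a firewall, is shown below as an added example; it is not code from the thesis. The controller parses Snort-style fast-alert lines from several sensors, correlates them per source address (so a low-priority alert blocks only when more than one sensor sees the same source, which is the coordinated-attack case a single sensor misses), treats any honeypot contact as hostile, and applies an allowlist, a time-limited block and a per-cycle cap so that a false positive cannot turn the IPS itself into a denial of service. The alert lines, the policy values and the ipset set name `ips_blocklist` are constructed for illustration; the commands are returned as strings, not executed.

```python
"""Linkage controller: IDS alerts + honeypot hits -> time-limited firewall blocks.

Added example, not the thesis's own code. Alert lines, policy values and the
set name ``ips_blocklist`` are constructed for illustration.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Snort fast-alert layout:
# time  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def parse_alert(line):
    """Return the fields the linkage logic needs, or None for a line that is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {
        "sid": int(m["sid"]),
        "msg": m["msg"],
        "priority": int(m["prio"]),  # Snort convention: 1 is the most severe
        "proto": m["proto"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]) if m["dport"] else None,  # ICMP alerts carry no ports
    }


@dataclass
class LinkagePolicy:
    """Guard rails that keep a noisy IDS from turning the IPS into a self-inflicted DoS."""
    allow: tuple = ("192.0.2.0/24", "198.51.100.1/32")  # never block: internal net, admin host (constructed)
    high_priority: int = 1          # one priority-1 alert from a single sensor is enough to block
    min_sensors: int = 2            # lower-priority alerts block only when this many sensors agree
    max_blocks_per_cycle: int = 50  # bound rule churn per evaluation cycle
    block_seconds: int = 600        # blocks expire, so a false positive heals itself


def decide(sensor_alerts, honeypot_hits, policy):
    """Correlate alerts across sensors and decide per source: block, log or skip.

    sensor_alerts: {sensor_name: [fast-alert line, ...]}
    honeypot_hits: iterable of source IPs that connected to the honeypot
    Returns {src: (action, reason)} in first-seen order.
    """
    allow_nets = [ip_network(n) for n in policy.allow]

    def allowlisted(ip):
        return any(ip_address(ip) in net for net in allow_nets)

    seen = {}  # src -> {"sensors": set of sensor names, "best_prio": lowest priority number seen}
    for sensor, lines in sensor_alerts.items():
        for line in lines:
            alert = parse_alert(line)
            if alert is None:
                continue  # never act on input we could not parse
            entry = seen.setdefault(alert["src"], {"sensors": set(), "best_prio": 99})
            entry["sensors"].add(sensor)
            entry["best_prio"] = min(entry["best_prio"], alert["priority"])

    decisions = {}
    for src, e in seen.items():
        if allowlisted(src):
            decisions[src] = ("skip", "allowlisted")
        elif e["best_prio"] <= policy.high_priority:
            decisions[src] = ("block", f"priority {e['best_prio']} alert")
        elif len(e["sensors"]) >= policy.min_sensors:
            decisions[src] = ("block", f"seen by {len(e['sensors'])} sensors")
        else:
            decisions[src] = ("log", "single low-priority sensor")

    # Nothing legitimate talks to the honeypot, so one contact is enough; the allowlist still wins.
    for src in honeypot_hits:
        decisions[src] = ("skip", "allowlisted") if allowlisted(src) else ("block", "honeypot contact")

    # Per-cycle cap: a flood of alerts must not blow up the firewall rule set.
    budget = policy.max_blocks_per_cycle
    for src, (action, _reason) in list(decisions.items()):
        if action == "block":
            if budget == 0:
                decisions[src] = ("log", "block cap reached")
            else:
                budget -= 1
    return decisions


def to_commands(decisions, policy, setname="ips_blocklist"):
    """Render block decisions as ipset entries with a timeout.

    Assumes the set was created once with timeout support and hooked into the firewall:
      ipset create ips_blocklist hash:ip timeout 600
      iptables -I INPUT -m set --match-set ips_blocklist src -j DROP
    """
    return [f"ipset -exist add {setname} {src} timeout {policy.block_seconds}"
            for src, (action, _reason) in decisions.items() if action == "block"]


# Constructed sample input: two sensors see the same scanner from different vantage points.
SENSOR_ALERTS = {
    "dmz-sensor": [
        "05/14-10:01:02.123456  [**] [1:1000000:1] LOCAL SCAN ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:51234 -> 192.0.2.10:22",
        "05/14-10:01:05.000001  [**] [1:1000001:1] LOCAL EXPLOIT shellcode pattern in HTTP body [**] [Priority: 1] {TCP} 198.51.100.77:40002 -> 192.0.2.10:80",
        "05/14-10:01:07.500000  [**] [1:1000002:1] LOCAL DNS unusual TXT query volume [**] [Priority: 2] {UDP} 192.0.2.1:53 -> 192.0.2.10:39999",
        "this line is not an alert",
    ],
    "lan-sensor": [
        "05/14-10:01:09.000000  [**] [1:1000003:1] LOCAL SCAN ssh probe [**] [Priority: 2] {TCP} 203.0.113.9:51300 -> 192.0.2.20:22",
        "05/14-10:01:11.000000  [**] [1:1000004:1] LOCAL SMB probe [**] [Priority: 3] {TCP} 203.0.113.50:60000 -> 192.0.2.20:445",
        "05/14-10:01:12.000000  [**] [1:1000005:1] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 203.0.113.50 -> 192.0.2.20",
    ],
}
HONEYPOT_HITS = ["203.0.113.200", "192.0.2.5"]

if __name__ == "__main__":
    result = decide(SENSOR_ALERTS, HONEYPOT_HITS, LinkagePolicy())
    for src, (action, reason) in result.items():
        print(f"{src:16} {action:5} {reason}")
    print("\n".join(to_commands(result, LinkagePolicy())))
```

The scanner 203.0.113.9 is blocked only because both sensors report it; the same alerts from one sensor would merely be logged, while the single priority-1 exploit alert blocks on its own. The internal resolver 192.0.2.1 is skipped even though a sensor flagged it, which is the protection against an attacker spoofing alerts against your own infrastructure, and every block carries an ipset timeout so a wrong decision expires rather than persisting until an operator notices.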
Keywords/Search Tags:network security, firewall, intrusion detection, intrusion prevention