Rule-based Linux Platform Conversion Intrusion Defense System (rtips) Research And Design

The network environment becomes more and more complex, and the new methods of attacks occur increasingly, therefore single security technology can't satisfy the need for network security of corporations. Intrusion Prevention System(IPS) is fresh info-security technology to make up for the inabilities of firewall and Intrusion Detection System (IDS). Firewall is able to defense attack actively, and IDS has the ability to detect network traffic. IPS implements tightly interactions between firewall and IDS by integrating their advantages to provide more effective security protection.At the very beginning, the thesis introduces intrusion detection technology and firewall technology relating to the topic, and then gives a thoroughly overview of the development and classification of IPS. Then the design rule and framework of the Rule Transform-based Intrusion Prevention System on Linux(RTIPS) are discussed. Then the design in detail and realization of RTIPS are given. Of course, the testing result of a kernel module in this system has been illustrated.RTIPS integrates the technologies of firewall and IDS. Relying on the cooperation between these components, it improves the active and real-time ability of intrusion response. Furthermore, it implements complete protection of network environment and improves the entire security.