Ips Intrusion Response Based On Threat Assessment And Realization

With the fast development of computer network and the improvement of society information technology, computer network is making our lives more and more convenient, however, there are more and more challenges of network security we have to face with. Intrusion prevention system (IPS) is a fresh info-security technology to the disadvantages of firewall and intrusion detection system (IDS).IPS integrates the advantages of firewall and IDS, and can provide the active and real-time ability of intrusion response to the protected network.Network intrusion prevention system is composed of three parts: the data packet processing, intrusion detection and intrusion response.Intrusion reponse can respond to the intrusion events immediately after it detects them, in order to reduce the damage of network attack to the minimum degree. In this dissertation, the main work of the author focuses on the part of intrusion response in IPS. Based on the deep analysis of arehitecture and decision policy of existing IRS,a new response decision model is introduced.This thesis firstly introduces the working principles,general features and differrent classification of IPS ,then analyses the progress,research and key technologies of threat assessment and intrusion response,and then focuses on the intrusion response decision techmology based on threat,which is the key content of this thesis.This thesis puts its emphasis on three core modules of the system: risk assessment module, response decision module and response execution module. Finally,the test result on the system is presented.Mainly covering the following aspects:1. A detailed introduction of the network intrusion prevention system of the overall program, including hardware selection, the main software architecture, intrusion response module design and performance considerations is given.2. Introducing threat assessment of network attacks to IRS,considering the threat as a key factor in the process of response decision.3. The threat of a network attack is determined by three aspects of factor: attack severity, probability to succeed, the importance of objective.4. Introducing response goal to our IRS,taking different measures according to different goals.5. Designing and implementing an IRS based on threat. And test results show that the system could respond to attack events immediately and reasonably,reduce the rate of false alarm,so it has achieved the goal of our design.