
Research On The Intrusion Detection And Strategy Configuration Of Distributed Firewall

Posted on: 2013-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: C Q Li
GTID: 2248330362473720
Subject: Communication and Information System
Abstract/Summary:
The Internet has undoubtedly become basic infrastructure of modern society. Network applications such as e-commerce, e-government, information exchange and video conferencing have spread to every corner of social life and, at the same time, have brought in various security risks. Attacks from internal staff and external hackers cause great losses to enterprises and society. To deal with the frequent emergence of distributed, multi-objective, modular network attacks and hacking, intrusion detection technology, especially firewall and intrusion detection technologies, has become a promising hot topic of current research.

Intrusion detection technology is able to locate, monitor and report behavior that violates security policy in the network. Distributed firewall technology has been applied to replace the traditional firewall, which relies on manual strategy configuration and cannot detect intrusions from inside. Unlike a traditional firewall, a distributed firewall uses a security center to generate security strategies and distribute them to each node. However, this central control approach has the drawback of overloading the center. To solve this issue, the evolved Intelligent Node Overlay Network (eINON), based on distributed firewall intrusion detection technology, is built above the existing network layer to form a multi-layer network that separates network bearer from management without changing the existing network structure. The intrusion detection system on the evolved Intelligent Node (eIN) detects intrusions from sampled traffic data. The eIN then generates the corresponding distributed firewall strategies and distributes them in a unified way to each firewall for distributed defense. By taking full advantage of the eIN's cognitive ability for intrusion detection, the detection range is expanded while the load on the control center is reduced.

The main work of this paper is 1) policy configuration for a distributed firewall based on the evolved Intelligent Node Overlay Network structure, and 2) application of improved Isometric Mapping (ISOMAP) and an optimized Relevance Vector Machine (RVM) to the intrusion detection system. Based on intrusion detection within the pattern recognition framework, this paper discusses dimension reduction of system features and classification-based detection for distributed-firewall-based intrusion detection, and conducts various experiments to evaluate the performance.

The main achievements fall into three aspects:

1) The basic framework of a distributed network security system based on the eINON architecture is designed. The framework is divided into an Intrusion Detection module and a Firewall Strategy Configuration module. When the intrusion detection system on the eIN detects an attack from sampled traffic data, the eIN generates the corresponding firewall policy, distributes it to each firewall and configures it there.

2) To improve the present ISOMAP-SVM intrusion detection model, KFLD-ISOMAP and a parameter-optimized RVM are applied to the intrusion detection model. The experimental results show that the model has a lower false alarm rate than the LISOMAP-SVM model and the traditional PCA-SVM model while maintaining the same detection rate.

3) Policy configuration over SSH from a remote computer achieves fast IP rate limiting and blacklist modification.
Keywords/Search Tags:evolved Intelligent Node Overlay Network, ISOMAP, RVM, DeepResearch First, Distributed Firewall Strategy Configuration