Research On Key Technologies Of Intrusion Prevention System

Compared with the security protection offered by the IDS and the firewall, the IPS can provide active, real-time protection. As network traffic increases, improving the real-time throughput, flexibility, and scalability of the intrusion prevention system has far-reaching significance. Network attacks are becoming increasingly subtle, which highlights the necessity of network security research, especially improving the detection rate and reducing the false alarm rate in IPS. In order to improve the flexibility, scalability, performance, and detection efficiency of the IPS, a high-performance intrusion prevention system is designed and implemented. The main contents of this dissertation are as follows:

1. Researched and analyzed the development of the intrusion prevention system and its trends, and the disadvantages of the IDS and the firewall. The intrusion prevention system is summarized in this paper.
2. Researched and analyzed denial of service attack detection technology. Drawing on the network adaptive principle, the probability statistics algorithm, and the adaptive threshold algorithm, the dissertation puts forward a comprehensive multi-level evaluation adaptive threshold algorithm based on probability and statistics, which can effectively reduce detection time and improve detection accuracy.
3. Researched and analyzed abnormal detection technology and current anomaly detection algorithms. An anomaly detection algorithm based on simplified characteristics was completed and tested.
4. Researched the features of the Octeon CN3860, such as the hardware features of the multi-core network processor platform, and its working principle. Completed the design of the system structure on the hardware platform. A plug-in structure was introduced into the IPS. The performance of the system was improved by using concurrency and a cache mechanism.

By using various network security testing equipment and setting up a testing environment in the Key Laboratory of Information Security in Sichuan Province to verify the system and the algorithms, this essay shows that the system's cache mechanism design can effectively improve the processing performance of the system. The use of the adaptive threshold algorithm based on probability and statistics and the network self-similarity principle can improve the accuracy of detection, and the anomaly detection algorithm has a better detection effect than other algorithms.
Keywords/Search Tags: intrusion prevention system, denial of service attack detection, abnormal detection, network self-similarity, self-adaption
