
The Study Of An Intrusion Defense-in-Depth Model

Posted on: 2005-05-09
Degree: Master
Type: Thesis
Country: China
Candidate: F Xu
Full Text: PDF
GTID: 2120360125461670
Subject: Operational Research and Cybernetics
Abstract/Summary:
An Intrusion Prevention System (IPS) is a proactive, active intrusion prevention tool that has been introduced as a new security defense in recent years. Once it detects an attack, it drops the attack packets or blocks the attack's source address so that the information system is not compromised. However, an IPS whose detection algorithm is not very effective is likely to produce high false positive and false negative rates, and its single-sensor structure cannot detect coordinated attacks. As a result, it is liable to cause denial of service, bottlenecks and other problems. To address these problems, we develop a novel intrusion prevention model.

First, this paper analyses the traditional IPS in detail, points out its advantages and shortcomings, and proposes a "detection and defense - analysis and response" double-layered prevention model based on defense-in-depth theory. This model achieves distributed detection and layered defense, and can detect stealthier attacks. In addition, it not only defends against threats from outside but also prevents attacks from inside. This approach greatly increases the effectiveness and capability of the IPS.

Then this thesis introduces the inducing level of data fusion. The paper focuses on the study and design of the second level, the "analysis and response" component, which uses an Object-Oriented (OO) data fusion algorithm and the "prerequisites and consequences" correlation method to associate alerts from multiple sensors, and has a data fusion center based on a blackboard architecture.

Next, integrating with a network management system, this paper designs a novel intrusion defense-in-depth system suited to medium and small networks, based on the theoretical study. The feasibility of intrusion detection and prevention with this model is proved by a simulation experiment; as a result, it reduces the false positive and false negative rates. Finally, a summary is given in the 4th section and future research directions are also pointed out.
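The "prerequisites and consequences" correlation step named above, as an added example that is not the thesis's own code: each attack type is assumed to declare the predicates it requires and the predicates it establishes, an earlier alert is linked to a later one on the same host when a consequence of the first is a prerequisite of the second, and linked alerts are grouped into multi-step scenarios. The knowledge base, sensor names and alerts are all constructed.

```python
# Added example, not the thesis's code: "prerequisites and consequences"
# alert correlation across sensors. Assumption: each attack type lists the
# predicates it needs and the predicates it establishes; an earlier alert
# links to a later one on the same host when a consequence of the first is
# a prerequisite of the second. Attack, sensor and alert data are constructed.
from collections import namedtuple

Alert = namedtuple("Alert", "id sensor ts attack host")

# Hypothetical knowledge base: attack type -> (prerequisites, consequences)
KB = {
    "PortScan":   (set(),              {"KnowsOpenPorts"}),
    "SvcExploit": ({"KnowsOpenPorts"}, {"HasShell"}),
    "PrivEsc":    ({"HasShell"},       {"HasRoot"}),
    "Exfil":      ({"HasRoot"},        set()),
}

def correlate(alerts):
    """Return (earlier_id, later_id, predicate) edges in time order."""
    edges, ordered = [], sorted(alerts, key=lambda a: a.ts)
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.host != later.host:
                continue
            for pred in KB[earlier.attack][1] & KB[later.attack][0]:
                edges.append((earlier.id, later.id, pred))
    return edges

def scenarios(alerts):
    """Group alert ids into scenarios along the edges; an alert with no
    edge stays alone, which flags it for false-positive review."""
    parent = {a.id: a.id for a in alerts}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b, _ in correlate(alerts):
        parent[find(a)] = find(b)
    groups = {}
    for a in alerts:
        groups.setdefault(find(a.id), []).append(a.id)
    return sorted(groups.values(), key=len, reverse=True)

# Constructed alerts from two sensors: one multi-step chain on 10.0.0.5
# plus a lone scan of 10.0.0.9 that nothing follows up.
SAMPLE = [
    Alert(1, "edge-ids", 100, "PortScan",   "10.0.0.5"),
    Alert(2, "host-ids", 140, "SvcExploit", "10.0.0.5"),
    Alert(3, "host-ids", 200, "PrivEsc",    "10.0.0.5"),
    Alert(4, "edge-ids", 210, "PortScan",   "10.0.0.9"),
    Alert(5, "host-ids", 300, "Exfil",      "10.0.0.5"),
]
```

Running `scenarios(SAMPLE)` groups alerts 1, 2, 3 and 5 into one chained scenario while alert 4 stays isolated, which is the separation the analysis layer uses to suppress unrelated single alerts.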
Keywords/Search Tags: Intrusion Prevention, Defense-in-Depth, Alerts, Data Fusion