The Research And Design Of Intrusion Prevention System

Posted on: 2011-08-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Wu
Full Text: PDF
GTID: 2178360305954464
Subject: Software engineering
Abstract/Summary:
With the popularization and development of the Internet, the whole world has been merging into one integrated whole in which distances in space and time are shrinking. The Internet has become pervasive in every domain of daily life and the economy, and society relies on it heavily. However, many Internet-related problems, security problems among them, have been emerging and widening. It is therefore vital to understand the many types of network threats in order to prevent, remove and eliminate them and achieve a truly safe network. To this end, network security researchers have developed several techniques, mainly the intrusion detection system (IDS), the trap host (honeypot) technique, the virtual private network (VPN) and the firewall. These methods and measures can partially raise intrusion defense capability. Nevertheless, limitations, disadvantages and shortcomings still exist. Intrusion prevention has therefore attracted considerable attention and in recent years has gradually become an important and vital research field of security technology.

Nowadays the intrusion detection system (IDS) is a popular and basic security structure, and the next hot spot among information security products after the firewall. However, IDS still has some serious shortcomings. Some common IDS solutions are very difficult to manage or maintain, and keeping the sensors' security policies up to date takes much time and energy. An IDS can only monitor the health of the network; it cannot fully resist the various network attacks and network viruses. Although it has some defensive ability, its response is always delayed and it cannot prevent attacks. How to effectively improve the speed and efficiency of network defense while reducing cost is an issue that researchers of network defense systems have concentrated on for a long time. This paper pays great attention to improving the response speed and efficiency of the network protection system, and analyzes the existing problems and the difficulties in designing and implementing an IPS.

A honeypot is essentially an intelligence-gathering system and belongs to the class of active defense technologies. A honeypot collects and captures activity information and data by attracting attackers to attack it. The further step is to study the behavior and intentions of the attackers. This paper carries out extensive research on the key technologies for implementing a honeypot. We have designed a high-performance honeypot system aimed at security defense. The system is suitable for practical use and can capture unknown attacks from the outside. It can then find security vulnerabilities, analyze the selected data and information, and go on to infer the attackers' intentions and motivations. With such a measure, we can learn the attackers' methods and tools in order to strengthen the prevention ability of the security system.

This paper studies IPS and honeypot technology in depth, together with their basic principles and composition, and on that basis designs a security defense system built on an IPS and a honeypot. It first studies the fundamental principles and composition of the IPS and the honeypot and designs the structure of the security defense system. It then analyzes how the Honeyd honeypot works and, through analysis of the snort_inline and Netfilter source code, focuses on how the linkage between the two achieves intrusion prevention. Experiments show the functionality and implementation process of the security defense system and the honeypot IPS.

DDoS attacks are among the hardest network security problems because of the difficulty of finding attack patterns and attack sources. While many existing schemes focus on detecting the attack or tracing its source, little is done to control the flow after detection and tracing. Most schemes simply drop the attack traffic after detection, so their performance relies heavily on the precision of detection. The paper expounds the principles and methods of DDoS attacks, and analyzes and improves a DDoS detection algorithm.
Keywords/Search Tags: Intrusion Detection, Intrusion Prevention, Network Security, Honeypot, DDoS