
Network Content Security Analysis In Cooperative Intrusion Detection System

Posted on: 2005-09-21
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Yang
GTID: 2168360152969182
Subject: Computer software and theory
Abstract/Summary:
In present distributed network security systems, intrusion detection and firewalls often work cooperatively to prevent hacker attacks. However, because the network sees more and more "integrated" attacks and fewer "single" attacks, present distributed network security systems have many defects when facing this trend toward "integrated attacks". For example, the cooperation of an IDS and a firewall can deal effectively with some simple intrusions, but becomes inept when facing "Worm.LovGate.T", a single attack that combines worm, back-door and hacker functions.

In addition, although a firewall can effectively prevent some protocol-layer attacks, such as spoofing and denial of service, it cannot meet content-security requirements or prevent the transmission of files and programs infected by viruses. Host-based antivirus software has become very mature, but to prevent new types of virus from spreading over the Internet it must be updated on every computer. In that case it is unavoidable that some computers are missed and cannot be updated. Because of such omissions, complete protection of the network is unavailable and the system remains vulnerable to some attacks.

To overcome the problems described above, CIPS (Cooperative Intrusion Prevention System) puts forward an integrated scheme for network security that tightly incorporates antivirus techniques. In addition, the technique of Network Content Security Analysis is used to prevent network viruses, thereby ensuring content security.

In CIPS, content security analysis combines content filtering and virus detection with the goal of monitoring the content of the information transmitted over the network. This technique makes use of the ways viruses propagate and of their characteristics. To perform it, the transport-layer packets captured from the network are first reassembled to recover the application-layer message, and the application-layer message is then parsed to obtain the information in a form the user can understand. With the help of this scheme, the system can detect viruses exactly and match banned content precisely.

In this scheme, the incoming packets are reassembled and recovered, and a highly efficient content filter algorithm is then used to sift out texts with invalid, secret-leaking, reactive and pornographic content. Besides content filtering, the antivirus engine is used to detect, quarantine and disinfect viruses or worms in text files, attached files and uploaded or downloaded files. Because each antivirus engine has its own advantages as well as defects, CIPS integrates multiple antivirus engines to exploit their advantages and avoid their defects, thereby obtaining accurate results. The experimental results show that content-security analysis in CIPS can effectively block junk email, prevent network viruses and sift out banned content in real time.
Keywords/Search Tags:Content Security, Cooperative Intrusion, Content filter, Virus Detection