
Study Of Intrusion Prevention-in-depth System

Posted on: 2007-12-06
Degree: Master
Type: Thesis
Country: China
Candidate: H Wang
GTID: 2178360182486609
Subject: Computer software and theory
Abstract/Summary:
This paper first summarizes the current state of network security, analyzes the main network security techniques (firewall, IDS, IPS), summarizes their respective advantages and disadvantages, and analyzes the IPS in detail.

It proposes an IPS model based on defense-in-depth theory. This model achieves distributed detection and layered defense, and can detect stealthier attacks. In addition, the model not only defends against threats from outside but also prevents attacks from inside. This approach greatly increases the effectiveness and capability of the IPS.

Several techniques used in the IPS model are studied in detail: the secure operating system, data fusion, and DoS/DDoS defense.

The secure operating system is the security foundation of the IPS. To improve the security of the IPS, several methods are introduced, including modifying the network protocol stack and intercepting system calls.

The paper focuses on the study and design of the second level: an "analysis response" model based on the inducing level of data fusion, which uses an Object-Oriented (OO) data fusion algorithm to associate the information from multiple sensors and has a data fusion center based on a blackboard architecture.

The IPS model is the sensor of the system; an IPS model based on snort-inline is proposed.

Because current network security products cannot recover from denial of service (DoS) / distributed denial of service (DDoS) attacks, a new algorithm to prevent DoS/DDoS is designed through in-depth study of DoS/DDoS attacks and the related network protocols.

A simulation experiment demonstrates the feasibility of this model for intrusion detection and prevention. Finally, a summary is given and future research directions are pointed out.
Keywords/Search Tags: intrusion prevention-in-depth system, secure operating system, data fusion, DoS/DDoS defense