| With the rapid development of network technology, network security has become increasingly important. Traditional protection technologies struggle to cope with today's complex attack methods; new attack methods and system vulnerabilities appear frequently, and traditional intrusion detection and firewall technologies have not solved the critical problems networks now face. Intrusion prevention systems arose in response. Intrusion prevention is an intrusion protection technology that has emerged in recent years: it can effectively monitor network behavior, detect malicious network attacks, and respond to them in a timely and effective manner, blocking illegal attacks before they damage the network. In this paper, we analyze traditional network security technologies and compare them with intrusion prevention technologies, examining the deficiencies of existing intrusion detection systems as well as the advantages and development direction of intrusion prevention systems. On this basis, we analyze current intrusion prevention technology and its defects and deficiencies, and present a sliding window-based intrusion prevention technology that combines protocol analysis, sliding window, and statistical analysis techniques.
The technology exploits the hierarchical structure of network protocols: for each protocol it establishes a corresponding sliding window and rule base, so that the detection engine performs its statistical analysis against the current state of network traffic and can quickly and efficiently determine whether newly arrived data is abnormal. In addition, taking the sliding window-based intrusion prevention technology as its core and Snort as its platform, this paper designs and implements a sliding window-based intrusion prevention model to verify the validity of the defense technology. In the implementation, the model's sliding window-based detection engine uses a circular linked list, which effectively reduces system memory consumption. Experimental results show that the model effectively blocks malicious attacks in network data flows and improves system processing performance and detection rate, while reducing the false alarm rate and omission rate. |
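
An added illustration of the approach the abstract describes, not the thesis's own code: one sliding window per protocol, held in a fixed circular linked list, with a statistical check applied to each newly arrived sample (for example, packets per interval). The window length, the mean-plus-three-standard-deviations rule, the variance floor, and the choice to keep abnormal samples out of the baseline are all assumptions, since the abstract does not specify them.

```c
#define WIN_SLOTS 8      /* assumed window length, in sampling intervals */
#define MIN_FILL  4      /* assumed samples needed before judging */
#define K_SIGMA   3.0    /* assumed threshold, in standard deviations */

enum proto { PROTO_TCP, PROTO_UDP, PROTO_ICMP, PROTO_COUNT };
struct slot { double count; struct slot *next; };
struct window {
    struct slot slots[WIN_SLOTS];
    struct slot *head;   /* oldest sample, next to be overwritten */
    int filled;
    double sum, sumsq;   /* running totals over the window */
};
struct window windows[PROTO_COUNT];  /* one window per protocol */

/* Link the fixed slots into a ring; memory use never grows afterwards. */
void sw_init(struct window *w) {
    for (int i = 0; i < WIN_SLOTS; i++) {
        w->slots[i].count = 0.0;
        w->slots[i].next = &w->slots[(i + 1) % WIN_SLOTS];
    }
    w->head = &w->slots[0];
    w->filled = 0;
    w->sum = w->sumsq = 0.0;
}

/* Return 1 if v exceeds the window mean by more than K_SIGMA standard
 * deviations; otherwise slide the window forward over v and return 0. */
int sw_observe(struct window *w, double v) {
    if (w->filled >= MIN_FILL) {
        double mean = w->sum / w->filled;
        double var = w->sumsq / w->filled - mean * mean;
        double d = v - mean;
        if (var < 1.0) var = 1.0;  /* floor for a flat baseline */
        if (d > 0 && d * d > K_SIGMA * K_SIGMA * var)
            return 1;              /* abnormal: kept out of the baseline */
    }
    if (w->filled == WIN_SLOTS) {  /* ring full: evict the oldest sample */
        w->sum -= w->head->count;
        w->sumsq -= w->head->count * w->head->count;
    } else {
        w->filled++;
    }
    w->head->count = v;
    w->sum += v;
    w->sumsq += v * v;
    w->head = w->head->next;
    return 0;
}
```

Because each protocol has its own baseline, the same sample value can be abnormal for one protocol and ordinary for another.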