Intrusion prevention system (IPS) is a new network security technology developed in recent years. IPS is more intelligent and active than a firewall or an intrusion detection system (IDS), and can protect computers and networks from unknown attacks. This article researches IPS, analysing its basic principle, security policy, key technologies, advantages and disadvantages, and the design method of a basic network-based intrusion prevention system (NIPS).

IPS is based on the PDRR dynamic network security model. PDRR provides dynamic, complete and deep defense. IPS integrates access control technology and detection technology as two modules in one system; the two modules complement each other and provide higher security for the Internet.

The target of IPS is prevention, so the purpose of its detection is prevention too; IDS differs in that the purpose of its detection is audit. IPS is on-line, embedded in the network stream, so it can interdict an intrusion immediately. IPS is more active than IDS.

IPS uses a dynamic security policy: the policy is dynamic, changeable, and self-adaptable to the dynamic network environment. IPS is independent of people, and is more active and targeted. It can refresh its rule libraries and prevent invasions automatically.

NIPS successfully resolves the payload problem caused by deep detection and raises detection efficiency. NIPS can analyse both a single packet and data streams, which enlarges the depth and width of detection.

IPS has higher-level detection technology than IDS, such as behavior analysis, deep content search, application-based analysis, defect protection, protocol analysis, and detection based on attack patterns. In this article, the design of NIPS focuses on two basic detection technologies: deep content search and behavior analysis. These two technologies implement the basic and main detection function of IPS; the other detection technologies are built on these two.
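The abstract names two properties of NIPS that are easy to state but worth seeing in working code: the engine sits in-line and applies its verdict before the packet is forwarded (prevention rather than audit), and it searches content both in a single packet and across the reassembled stream, so a pattern split over two packets is still found. The toy engine below is an added illustration, not code from the paper or from any real IPS product; the packet layout, the flow keys, the signature `EVIL-PATTERN-A`, the new-stream rate threshold and the sample traffic are all constructed for the example. Behavior analysis is represented by one simple rule (too many new streams from one source inside a time window), deep content search by a byte-pattern match over the packet and over a retained tail of the stream.

```python
"""Added example (not from the paper): a toy inline NIPS engine.

Demonstrates deep content search (per packet and across packet boundaries)
and behavior analysis (new-stream rate per source), and the difference between
an IPS "prevent" mode, which drops in-line, and an IDS-style "audit" mode,
which only records an alert. All names, thresholds and traffic are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # source host label (constructed)
    stream: str     # flow key, e.g. "src:port->dst:port" (constructed)
    payload: bytes
    ts: float       # seconds


@dataclass
class Verdict:
    action: str     # "pass" or "drop"
    reason: str = ""


class InlineNIPS:
    def __init__(self, signatures, mode="prevent",
                 max_new_streams=3, window=1.0, tail=32):
        self.signatures = [bytes(s) for s in signatures]
        self.mode = mode                        # "prevent" (IPS) or "audit" (IDS)
        self.max_new_streams = max_new_streams  # behavior-analysis threshold
        self.window = window                    # seconds
        self.tail = tail                        # bytes of stream history kept
        self.seen_streams = set()
        self.new_streams = defaultdict(deque)   # src -> timestamps of new streams
        self.stream_tail = defaultdict(bytes)   # stream -> last `tail` bytes
        self.blocked_streams = set()
        self.alerts = []

    def _behavior_check(self, pkt):
        """Behavior analysis: more than `max_new_streams` new flows from one
        source inside `window` seconds is treated as anomalous."""
        if pkt.stream in self.seen_streams:
            return None
        self.seen_streams.add(pkt.stream)
        q = self.new_streams[pkt.src]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_new_streams:
            return "new-stream rate exceeded for %s" % pkt.src
        return None

    def _content_check(self, pkt):
        """Deep content search on the single packet and on the retained
        stream tail joined with the packet, so split patterns are found."""
        view = self.stream_tail[pkt.stream] + pkt.payload
        self.stream_tail[pkt.stream] = view[-self.tail:]
        for sig in self.signatures:
            if sig in pkt.payload:
                self.stream_tail[pkt.stream] = b""
                return "signature in single packet: %r" % sig
            if sig in view:
                self.stream_tail[pkt.stream] = b""
                return "signature across packet boundary: %r" % sig
        return None

    def process(self, pkt):
        """Return the in-line verdict for one packet."""
        if pkt.stream in self.blocked_streams:
            return Verdict("drop", "stream already blocked")
        reason = self._behavior_check(pkt) or self._content_check(pkt)
        if reason is None:
            return Verdict("pass")
        self.alerts.append((pkt.ts, pkt.src, reason))
        if self.mode == "audit":
            return Verdict("pass", reason)      # IDS: report, but still forward
        self.blocked_streams.add(pkt.stream)    # IPS: interdict immediately
        return Verdict("drop", reason)


def demo():
    """Run constructed traffic through both modes; returns actions per mode."""
    sig = b"EVIL-PATTERN-A"   # constructed signature, not a real indicator
    traffic = [
        Packet("10.0.0.5", "f1", b"GET /index.html", 0.0),
        Packet("10.0.0.5", "f1", b"...EVIL-PAT", 0.1),
        Packet("10.0.0.5", "f1", b"TERN-A...", 0.2),   # pattern split over packets
        Packet("10.0.0.7", "f2", b"hello", 0.3),
        Packet("10.0.0.9", "f3", b"a", 0.4),
        Packet("10.0.0.9", "f4", b"b", 0.5),
        Packet("10.0.0.9", "f5", b"c", 0.6),
        Packet("10.0.0.9", "f6", b"d", 0.7),           # 4th new stream in 1 s
    ]
    results = {}
    for mode in ("prevent", "audit"):
        engine = InlineNIPS([sig], mode=mode)
        results[mode] = [engine.process(p).action for p in traffic]
    return results


if __name__ == "__main__":
    for mode, actions in demo().items():
        print(mode, actions)
```

In prevent mode the third packet of flow `f1` is dropped even though neither of the two packets carrying the pattern would match on its own, and the fourth new flow from `10.0.0.9` within one second is dropped by the behavior rule; in audit mode the same two events are recorded in `alerts` but every packet is forwarded, which is the IDS behaviour the abstract contrasts with IPS.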