Research And Design Of An IPS-based Detection Engine

With human society advances, the rapid development of the computer network, the social information unceasing enhancement, the network has brought people great social and economic benefits, meanwhile, the network security question comes along. Hacker attacks and computer viruses to computer network has caused enormous threat. The existence of high-speed network that the attacker given attack methods and form becoming more diverse, the complication, attack increasing the scale of the attacker's technical level gradually was also to ascend, the attack system also shows ascendant trend, therefore, how to protect network system, make its are not attack has become the urgent problems. In recent years, the rise in network security, a network technology-Intrusion Prevention System, Intrusion Prevention System and firewalls than the Intrusion Detection System has certain advantage,such as:initiative, intelligent, and to the unknown types of attacks, still can give protection of computer network System.Firstly, the Intrusion Detection System and Intrusion Prevention System based on the theory of in-depth research. On the analysis of the common intrusion means and intrusion defense system based on the present research, discussed the challenges facing the current detection technology and its development trend.Secondly, in the cyber security vulnerabilities, on the basis of intrusion defense system detecting technology is studied. This system detecting technology mainly divided into the anomaly detection and misuse detection technology, technology at home and abroad and popular network intrusion defense system uses mostly is misuse detection technology. This paper uses is anomaly detection and misuse detection technology combine technologies, among them, the anomaly detection based on a statistical analysis of the use of statistical method, Multiple patterns match is used in misuse detection, Misuse detection technology first is to analyzer known attack, pick up characters of attacks, and detect whether the network packet appears in the intrusion rule set to determine whether instruction has happened.Finally, using statistical analysis, multiple patterns match and protocol analysis fusion technology, IPS-based detection engine is designed and realized. This topic through the list of rules the establishment of index of rules, order, according to different dynamically adjust to capture the agreement we analyze the packet inspection module in rules, adopted many pattern matching algorithm, effectively improve the detection speed and efficiency of the rules, and enhance the system detection, defensive performance.