Intrusion Prevention System Design
Zongjian Wang and Xiaobo Li

Abstract: As the network security situation grows more severe, traditional firewalls and intrusion detection systems can no longer meet requirements, and the intrusion prevention system (IPS) has emerged to fill that gap. This article discusses the principles of IPS design and presents the design of a specific IPS model.

Keywords: IDS, Firewall, IPS, Attack, Data stream
47.1 The Concept of an Intrusion Prevention System

We define an intrusion prevention system (IPS) as hardware or software equipment that detects known and unknown attacks without human intervention and automatically stops them. Gartner gave a further explanation of the IPS: "An IPS combines multiple algorithms to block malicious behavior: it can recognize known attacks while also using the methods employed by anti-virus and IDS products, supporting at least one of policy-based, behavior-based and anomaly-based detection algorithms [1]. The algorithms must operate at the application layer as a standard, in addition to the network layer that firewalls handle. It must also have the intelligence to distinguish attacks from normal events. An IPS differs from a firewall and from an IDS: it is an 'active defense' system that can both detect and respond to intrusions."
Z. Wang (corresponding author) and X. Li
School of Computer Engineering, Wei Fang University, Wei Fang 261000, China
e-mail: [email protected]
X. Li
e-mail: [email protected]
Z. Zhong (ed.), Proceedings of the International Conference on Information Engineering and Applications (IEA) 2012, Lecture Notes in Electrical Engineering 218, DOI: 10.1007/978-1-4471-4847-0_47, Springer-Verlag London 2013
47.2 The Classification of Intrusion Prevention Systems, Deployment, and Operating Principle

47.2.1 Classification of Intrusion Prevention Systems

Two classifications of IPS are common: one based on the timeline of the attack, and one based on the platform on which the system operates.

Based on the timeline of attack: this categorization rests on the ability to handle new ("zero-day") attacks. An intrusion detection and defense system is generally classified as detecting either known attacks or unknown attacks.

Based on platform: this classification distinguishes intrusion defense systems by the platform they protect, normally dividing them into network-based intrusion prevention systems (NIPS) and host-based intrusion prevention systems (HIPS). A NIPS monitors network traffic to identify malicious or suspicious activity on a network segment and blocks it [2]. A HIPS usually monitors system calls and blocks any harmful request. A NIPS tends to provide earlier warning and to protect a wider computing environment, while a HIPS tends to perform deeper, host-specific identification of particular actions. The deployment and working principle of an IPS are closely tied to the choice of platform, so NIPS and HIPS are discussed separately below.
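The definition in 47.1 (multiple algorithms, known and unknown attacks, blocking without human intervention) and the NIPS description above can be made concrete with a small inline decision engine. The following is an added illustration written for this page, not code from the paper: a hypothetical NIPS that runs a signature check for known attacks and a per-source rate-based anomaly check for unknown ones, and drops traffic from a source once either fires. The signatures, thresholds and packets are all constructed for the example.

```python
"""Minimal inline NIPS decision engine (illustration, not the paper's model):
a signature detector for known attacks plus a rate-based anomaly detector
for unknown ones. Every packet and signature here is constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
import re


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    ts: float  # arrival time in seconds


# Hypothetical signature set for two well-known attack patterns.
SIGNATURES = {
    "SQLi-UNION": re.compile(rb"(?i)union\s+select"),
    "Path-Traversal": re.compile(rb"\.\./\.\./"),
}


@dataclass
class InlineIPS:
    window: float = 1.0   # sliding window for the rate check, seconds
    max_pps: int = 20     # per-source packets per window above which we call it anomalous
    blocked: set = field(default_factory=set)
    history: dict = field(default_factory=lambda: defaultdict(deque))
    log: list = field(default_factory=list)

    def signature_check(self, pkt):
        """Known-attack path: return the matching signature name, or None."""
        for name, rx in SIGNATURES.items():
            if rx.search(pkt.payload):
                return name
        return None

    def anomaly_check(self, pkt):
        """Unknown-attack path: true when this source exceeds max_pps in the window."""
        q = self.history[pkt.src]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_pps

    def inspect(self, pkt):
        """Inline verdict: 'PASS' forwards the packet, 'DROP' discards it.
        A source that triggers either detector is blocked for all later packets."""
        if pkt.src in self.blocked:
            self.log.append((pkt.ts, pkt.src, "DROP", "blocked-source"))
            return "DROP"
        sig = self.signature_check(pkt)
        if sig:
            self.blocked.add(pkt.src)
            self.log.append((pkt.ts, pkt.src, "DROP", f"signature:{sig}"))
            return "DROP"
        if self.anomaly_check(pkt):
            self.blocked.add(pkt.src)
            self.log.append((pkt.ts, pkt.src, "DROP", "anomaly:rate"))
            return "DROP"
        self.log.append((pkt.ts, pkt.src, "PASS", "clean"))
        return "PASS"


def run_demo():
    """Feed a constructed traffic mix through the engine and return (engine, verdicts)."""
    ips = InlineIPS()
    traffic = [
        Packet("10.0.0.5", "10.0.0.1", 80, b"GET /index.html HTTP/1.1", 0.0),
        Packet("10.0.0.7", "10.0.0.1", 80, b"GET /p?id=1 UNION SELECT 1,2 HTTP/1.1", 0.1),
        Packet("10.0.0.7", "10.0.0.1", 80, b"GET /index.html HTTP/1.1", 0.2),  # source now blocked
    ]
    # 25 packets in half a second from one host: exceeds max_pps, so the 21st is anomalous
    traffic += [Packet("10.0.0.9", "10.0.0.1", 22, b"SSH-2.0-x", 1.0 + i * 0.02) for i in range(25)]
    traffic.append(Packet("10.0.0.5", "10.0.0.1", 80, b"GET /about HTTP/1.1", 2.0))
    verdicts = [ips.inspect(p) for p in traffic]
    return ips, verdicts


if __name__ == "__main__":
    engine, results = run_demo()
    for entry in engine.log:
        print(entry)
```

The rate-based check is where the Gartner requirement to "distinguish attacks from normal events" bites: because the device is inline, a threshold that is too low does not merely raise a false alert, it silently denies service to a legitimate host, so in practice `max_pps` and the block duration must be tuned per segment and the block list should expire rather than persist forever.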
47.2.2 Intrusion Prevention System Deployments

A NIPS is usually installed inline, which gives it real-t