| 入侵防御系统研究 |
| |
| 引用本文: | 吴海燕,蒋东兴,程志锐,高国柱.入侵防御系统研究[J].计算机工程与设计,2007,28(24):5844-5846,5866. |
| |
| 作者姓名: | 吴海燕 蒋东兴 程志锐 高国柱 |
| |
| 作者单位: | 清华大学,计算机与信息管理中心,北京,100084 |
| |
| 摘 要: | 入侵防御系统(IPS)是能够检测到任何攻击行为,包括已知和未知攻击,并能够有效地阻断攻击的硬件或者软件系统.讨论了入侵防御系统的概念和特征,分析了当前IPS的4种实现模型(在线模型、7层交换模型、7层防火墙模型和混合模型)的优缺点.为解决这些模型在同时提高网络性能和入侵检测准确度方面的难题,给出了一个基于WindForce千兆网络数据控制卡的嵌入式入侵防御系统的实现实例.
|
| 关 键 词: | 入侵防御系统 网络入侵防御系统 嵌入式入侵防御系统 高速网络 入侵检测系统 防火墙 网络安全 入侵防御系统 研究 system prevention intrusion 嵌入式 控制卡 网络数据 千兆 检测准确度 网络性能 混合模型 防火墙模型 交换模型 在线模型 实现模型 分析 概念和特征 软件系统 硬件 |
| 文章编号: | 1000-7024(2007)24-5844-03 |
| 收稿时间: | 2007-02-02 |
| 修稿时间: | 2007年2月2日 |
Research of intrusion prevention system |
| |
| WU Hai-yan,JIANG Dong-xing,CHENG Zhi-rui,GAO Guo-zhu.Research of intrusion prevention system[J].Computer Engineering and Design,2007,28(24):5844-5846,5866. |
| |
| Authors: | WU Hai-yan JIANG Dong-xing CHENG Zhi-rui GAO Guo-zhu |
| |
| Abstract: | Intrusion prevention system (IPS) is defined as any hardware or software systems that are capable of detecting attacks, both known and unknown, and preventing the attacks from being successful. Firstly, the definition and properties of IPS is discussed, then advantages and disadvantages of four current IPS implementation models are analyzed, i.e. in-line model, layer seven switch model, layer seven firewall model and hybrid model. And as a result an embedded IPS implementation solution based on Giga-bit network data control card called WindForce is presented, aiming at solving the dilemma of those models of improving both network performance and precision of intrusion detection simultaneously. |
| |
| Keywords: | intrusion prevention system (IPS) network based IPS embedded IPS high-speed network intrusion detection system (IDS) firewall network security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
