| 基于nDPI的轻量级入侵检测与防御系统的设计与实现 |
| |
| 引用本文: | 韦小刚. 基于nDPI的轻量级入侵检测与防御系统的设计与实现[J]. 计算机应用与软件, 2019, 36(8): 317-319,333 |
| |
| 作者姓名: | 韦小刚 |
| |
| 作者单位: | 南瑞集团有限公司(国网电力科学研究院有限公司) 江苏 南京 210003 |
| |
| 基金项目: | 国家电网总部科技资助项目 |
| |
| 摘 要: | 移动互联给人们带来便利的同时,也引入了许多安全风险。针对特定业务的安全防护,因为业务协议单一,业务访问量不大,流量分析及非法协议识别等技术手段可有效检测出网络攻击。采用主流的网络抓包手段,基于nDPI深度报检测技术,设计并实现轻量级的入侵检测与防御系统。测试结果表明,该系统可以通过流量检测出异常协议,并追溯到相应终端,从而进行异常终端响应处置,阻断从终端发起的异常连接,从而达到入侵防御的目的。
|
| 关 键 词: | 入侵检测 入侵防御 流量分析 协议识别 |
DESIGN AND IMPLEMENTATION OF LIGHTWEIGHT INTRUSION DETECTION AND PREVENTION SYSTEM BASED ON NDPI |
| |
| Wei Xiaogang. DESIGN AND IMPLEMENTATION OF LIGHTWEIGHT INTRUSION DETECTION AND PREVENTION SYSTEM BASED ON NDPI[J]. Computer Applications and Software, 2019, 36(8): 317-319,333 |
| |
| Authors: | Wei Xiaogang |
| |
| Affiliation: | (NARI Group Corporation/State Grid Electric Power Research Institute,Nanjing 210003,Jiangsu,China) |
| |
| Abstract: | While mobile Internet brings convenience to people,it also introduces many security risks.For security protection of specific business,the technical means such as traffic analysis and illegal protocol identification can effectively detect network attacks,because of the simple business protocol and small business access.This paper proposed a lightweight intrusion detection and prevention method,based on nDPI,adopting common network packet capture means for design and implementation of a lightweight intrusion detection and prevention system.The test results show that the system can detect the abnormal protocol through the traffic and trace back to the corresponding terminal,so as to handle the abnormal terminal response and block the abnormal connection initiated from the terminal,thereby achieving the purpose of intrusion prevention. |
| |
| Keywords: | Intrusion detection Intrusion prevention Traffic analysis Protocol identification |
| 本文献已被 维普 万方数据 等数据库收录! |
|
