| 基于Linux的网络入侵防御系统的研究和设计 |
| |
| 作者单位: | 武汉科技大学计算机学院 湖北武汉430081 |
| |
| 摘 要: | 基于特征的入侵防御系统是目前的入侵防御技术的主流。分析研究Snort入侵检测系统和Netfilter防火墙的工作原理,对如何保障自身安全以及联动的方式进行探讨,利用插件技术、多线程技术设计编写相关协同模块,提出一种基于Snort和Netfilter的分布式入侵防御系统;针对Netfilter防火墙规则集的顺序敏感性的工作特点,对其规则的编写进行具体优化,提高系统工作效率。经过测试证明,该系统灵活高效,能够利用入侵检测系统的检测能力,动态地为防火墙定制过滤规则,阻断攻击源,从而达到入侵防御的目的。
|
| 关 键 词: | 入侵防御系统 入侵检测 包过滤 安全策略 主动防御 |
Research and Design of IPS Based on Linux |
| |
| LIAO Guang-zhong,LU Na. Research and Design of IPS Based on Linux[J]. Microcomputer Development, 2008, 0(6) |
| |
| Authors: | LIAO Guang-zhong LU Na |
| |
| Abstract: | Signature-based IPS is becoming the mainstream in intrusion prevention technologies nowadays.A distributed IPS based on Snort and Netfilter has been implemented by researching kernel codes of Snort and Netfilter.How to protect the system itself and the methods of interaction are discussed.Plug-in and multi-thread technologies were used in the relevant modules.Meanwhile,firewall rule set is optimized to improve system efficiency according to the working characteristic of Netfilter.The system not only can block the attack source by dynamically insert firewall rules according to IDS,but also prevent them effectively. |
| |
| Keywords: | IPS intrusion detection packet filter security policy active defense |
| 本文献已被 CNKI 等数据库收录! |
|
