Received: January 20, 2011; Revised: February 23, 2011
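Abstract (translated from the Chinese): To address the performance bottlenecks, false positives, false negatives and attack-speed problems that current IPS face, a network intrusion prevention system with a distributed "analysis and detection + centralized control + upgrade service" architecture is proposed. Analysis and detection mainly uses protocol identification and analysis, protocol anomaly detection, traffic anomaly detection and response methods. Centralized control is mainly used to monitor and control the operation of the intrusion detection and prevention system and its configuration. The upgrade service is responsible for regularly providing updates to the attack signature database, so that the system offers the most up-to-date protection. The system is also compatible with other security products, forming a defense-in-depth architecture that protects the network security of enterprises and organizations to the greatest possible extent.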
Abstract: To address the performance bottlenecks, false positives, false negatives and attack-speed issues facing current IPS, this paper presents a distributed "analysis and testing + centralized control + upgrade services" architecture for a network intrusion detection and prevention system. Analysis and testing is achieved mainly through protocol identification and analysis, protocol anomaly detection, traffic anomaly detection and response methods. Centralized control is used primarily to monitor and control the operation of the intrusion detection and prevention system and its configuration. The upgrade service is responsible for regular attack signature updates, so that the system provides the most cutting-edge security. Compatible with other security products, the system forms a defense in depth that protects the network security of businesses and organizations to the greatest possible extent.
Keywords: intrusion detection and prevention; protocol identification; anomaly detection; flow monitoring; network attacks
Funding: National Development and Reform Commission Special Fund for Information Security Products (发改办高技[20091886 号])
Cite as:
薛辉, 邓军, 叶柏龙, 陆兰. A Distributed Network Intrusion Prevention System. 计算机系统应用, 2011, 20(7): 22-25
XUE Hui, DENG Jun, YE Bai-Long, LU Lan. A Distributed Network Intrusion Prevention System. COMPUTER SYSTEMS APPLICATIONS, 2011, 20(7): 22-25