摘要
传统网络入侵防御系统存在数据截取率和还原率低、检测误报率高等问题,无法保障用户信息安全。为了弥补传统防御系统的缺陷,提出持续攻击下智能网络入侵主动防御系统的设计。按照保障用户信息安全设计思想,将防御系统功能分为数据包捕获、协议分析、预处理、规则库、持续攻击检测和响应六大模块,并对各模块功能进行说明;根据广播以太网协议,分别在正常模式和混杂模式下对数据包进行捕获,采用数据链路层原始接口BPF机制访问链路层。为了快速解析字段信息,设计协议格式字段来分析字段协议包,由此实现网络入侵系统的主动防御。实验结果表明,该系统数据截取率和还原率高、检测误报率低,是一个比较全面的防护系统。
Traditional network intrusion prevention system has the problems of low data interception rate and low recovery rate,high detection false alarm rate,and can not guarantee the user information security. In order to make up for the shortcomings of the traditional defense system,this paper proposes the design of active intrusion prevention system based on persistent attack. According to the security of user information security design,the defense system is divided into data packet capture,protocol analysis,preprocessing,rule base,sustained attack detection and response of six modules,and the functions of each module are described;based on the broadcast Ethernet protocol,packet capture of data respectively in normal mode and mixed mode. The data link layer interface BPF link layer access mechanism of the original. In order to resolve the field information quickly,the protocol format field is designed to analyze the field protocol packet,so as to realize the active defense of network intrusion system. The experimental results show that the system has high data interception rate and recovery rate and low false positive rate,which is a comprehensive protection system.
作者
管廷昭
GUAN Ting-zhao(Division of Information Construction and Management,Nanjing University of Information Science and Technology,Nanjing 210044,China)
出处
《电子设计工程》
2018年第18期44-48,共5页
Electronic Design Engineering
关键词
持续攻击
智能网络
入侵
主动防御
系统设计
persistent attack
intelligent network
intrusion
active defense
system design
