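Abstract
This paper classifies network intrusion prevention technologies and analyzes the characteristics of each. It then proposes a structural model for an intrusion prevention system. The model uses an online (inline) detection mode and combines stateful inspection, signature detection, anomaly detection, and protocol analysis to improve detection accuracy and efficiency. By evaluating the credibility of alerts, it further reduces the false positive rate and improves the system's detection and prevention performance.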
By blocking the attack rather than just detecting it, intrusion prevention allows a fundamental change in the way that networks are secured. This paper categorizes intrusion prevention technologies and analyzes the advantages and disadvantages of each. Finally, a novel model of intrusion prevention is established. The model combines stateful inspection, signature detection, anomaly detection, and protocol analysis to identify attacks accurately and effectively. In particular, by evaluating alert reliability, the model can improve detection accuracy.
Source
Microelectronics & Computer (《微电子学与计算机》)
CSCD
PKU Core Journal
2004, Issue 7, pp. 45-47 (3 pages)
Funding
National Informatization Fund (2001-研1-010)
Keywords
Network security
Intrusion detection
Intrusion prevention