集成入侵检测引擎的增强型防火墙技术研究

RESEARCH ON THE ENHANCED FIREWALL TECHNIQUES INTEGRATED WITH THE ENGINE OF INTRUSION DETECTION

提出了一种增强型防火墙技术,通过把入侵检测引擎集成到传统的包过滤防火墙中,实现两者的协同工作,使得该防火墙在具备传统安全保护功能的同时,还能够根据内嵌的入侵检测引擎的响应结果动态设置过滤规则,及时禁止可能的危险数据通信,从而更好地保护网络安全。给出了该增强型防火墙的系统功能、模块结构和协作机制。测试表明,与传统防火墙相比,该防火墙在应对未知攻击时,具有有效阻断率高的优势。

The enhanced firewall techniques are presented. Integrated with the engine of intrusion detection, the firewall is not only able to work as the traditional packet-filtering firewall, but also able to modify its rules dynamically based on the response of the IDS engine so as to prohibit the possibly dangerous communications in time, therefore it can protect the network more effectively. Besides, the system functions, modular structure and the cooperative mechanism of the enhanced firewall are also introduced. Tests show that the firewall has its advantage of a higher blocking efficiency over the traditional packet-filtering firewall when facing with unknown attacks.