摘要
针对单一技术在安全防御上存在的缺陷,提出了一个基于三层防御机制的网络安全防御体系模型。该体系有机结合了防火墙、NIPS、基于异常的入侵检测、蜜罐等多种安全技术深层抵御入侵,各组件通过传递XML信息互相协作。首先对网络的安全和结构进行分析,在此基础上给出了体系模型并说明了模型的工作流程,对涉及的关键技术做了探讨,给出了蠕虫攻击实验测试系统的性能。实验结果证明该体系不仅能阻断已知攻击,对未知攻击也做到了有效防御。
Focusing on the defects of the single technology on security prevention, proposed a network defense system model based on the three- level defense mechanism. The model that organically ioined firewall, NIPS, AIDS, honeypot anci so on had resisted attack in - depth, components cooperated by transmiting XML message. Firstly, the design thought of the security prevention system was described in the paper, and based on the thought, the architecture and workflow of the model was presented, and then the relevant sore technology was discussed. Lastly the worm attack experiment was presented to test the performance of the system. The experiment proved that the model not only blocked the known attack but also achieved the effective defense to the unknown attack.
出处
《计算机技术与发展》
2008年第2期159-162,共4页
Computer Technology and Development
基金
国家社会公益研究专项(2005DIB2J218)
