摘要
针对分布式防火墙和入侵检测技术各自存在的不足,文中提出基于入侵检测的分布式防火墙的解决方案,通过在主机防火墙内部增加入侵检测模块,形成一种动态分布式防火墙.主机防火墙过滤模块通过修改数据包结构以减少入侵检测量,入侵检测结果快速返回管理中心,及时动态更新策略.实验结果表明:该方案解决了分布式防火墙策略更新慢、内部通信被非法用户截获、无法及时发现入侵攻击等问题,同时也解决了入侵检测模块的数据检测量大和无法阻断攻击等问题.
In view of the deficiencies of distributed firewall and Intrusion detection,a distributed firewall based on Intrusion detection is proposed.It improves the architecture of distributed firewall by adding intrusion detection module in order to get a dynamic distributed firewall.It reduces the amount of intrusion detection data by modification the structure of packets when they arrive at the intrusion detection module from the host firewall filtering module.The results of data detection return to management center rapidly,so the management center can update rule dynamically and timely.The experimental results show that the proposed scheme solves some problems of traditional distributed firewall,including the policy updating delay,unauthorized users can intercept the internal communication and intrusion can not be found timely etc.Meanwhile,it also solves some problems of intrusion detection module such as the large amount of data,the inability of blocking the attack and so on.
出处
《微电子学与计算机》
CSCD
北大核心
2011年第6期126-130,共5页
Microelectronics & Computer
关键词
入侵检测
网络安全
网络数据拦截
动态分布式防火墙
intrusion detection
network security
networks data interception
dynamic distributed firewall
