2006 1st International Symposium on Pervasive Computing and Applications

Time: 2014-05-03 06:25:00
[File properties]:

File name: 2006 1st International Symposium on Pervasive Computing and Applications

File size: 5.27MB

File format: PDF

Updated: 2014-05-03 06:25:00

network security; firewall; network intrusion

Research and Design of NIDS Based on Linux Firewall

Zongpu Jia, Shufen Liu, Guowei Wang

1 School of Computer Science and Technology, Jilin University, Changchun, China, 1300123
2 School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, China, 454003

E-mail: jiazp@hpu.edu.cn

Abstract

Firewall has many shortages, such as it cannot keep away interior attacks, it cannot provide a consistent security strategy, and it has a single bottleneck spot and invalid spot, etc. Intrusion Detection System (IDS) also has many defects, such as low detection ability, lack of effective response mechanism, poor manageability, etc. If firewall and IDS are integrated, the cooperation of them can implement the network security to a great extent. On the one hand, IDS monitors the network, provides a real-time detection of attacks from the interior and exterior, and automatically informs firewall and dynamically alters the rules of firewall once an attack is found; on the other hand, firewall loads dynamic rules to hold up the intrusion, controls the data traffic of IDS and provides the security protection of IDS. Based on constructing firewall with Iptables in the environment of Linux OS, the respective characters of firewall and IDS are analyzed. Then, the viewpoint of integrating firewall and IDS to realize the network security is proposed, and the application and algorithm of intrusion detection are systemically analyzed and designed.

