Abstract
To address the performance bottlenecks, false positives, false negatives and attack-speed problems faced by current IPS products, this paper proposes a network intrusion prevention system built on a distributed "analysis and detection + centralized control + upgrade service" architecture. Analysis and detection is carried out mainly through protocol identification and analysis, protocol anomaly detection, traffic anomaly detection and response mechanisms. Centralized control is used to monitor and control the operation and configuration of the intrusion detection and prevention system. The upgrade service is responsible for regularly updating the attack signature library so that the system provides the most current protection. The system is also compatible with other security products, forming a defense-in-depth architecture that protects the network security of enterprises and organizations to the greatest possible extent.
Source
《计算机系统应用》 (Computer Systems & Applications), 2011, No. 7, pp. 22-25 (4 pages)
Funding
National Development and Reform Commission special fund for information security products (发改办高技[20091886号])
Keywords
intrusion detection and prevention; protocol identification; anomaly detection; flow monitoring; network attacks