Design and Implementation of a Firewall and Intrusion Detection Linkage Scheme
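Abstract
Network development ... security ... firewalls and intrusion detection ... This thesis ... The main work of the thesis is as follows:
(1) ... a cooperative linkage protection mechanism with a development interface: the firewall uses the distributed intrusion detection system to promptly discover intrusions and attacks that fall outside its security policy, and the intrusion detection system uses the firewall to block attacks coming from external networks, ... an effective security protection mechanism and improving the overall protection of the network. The intrusion detection system's model of distributed detection, distributed analysis and centralized management improves the efficiency and speed of intrusion event detection ... transmitting the intrusion detection report of each host (or server) to the master console of the intrusion detection system effectively reduces network load and improves the ... of the cooperative security protection mechanism.
(2) Based on a Server/Client communication model, the channel encryption technology SSL, the DES encryption algorithm and a key verification mechanism are used to authenticate and encrypt the information transmitted between the intrusion detection system and the firewall, ... the security and reliability of the communication.
(3) ... the pattern matching technique in the intrusion detection system: building on an analysis of the BM algorithm, a new pattern matching algorithm based on the longest-prefix idea, the EBM algorithm, is proposed. It uses a shift table to determine the shift value during suffix matching, which improves the algorithm's running efficiency, and both theory and practice show that it outperforms the BM algorithm.
(4) Starting from the definitions of a "danger" level and a "transferable" level, a secure cooperative linkage policy is formulated and a cooperation algorithm for the event analyzers in the distributed intrusion detection system is proposed. The algorithm saves system overhead and reduces the analyzers' analysis workload and resource usage. Only analysis reports are transmitted, and a few dozen bytes suffice to describe the local analysis and detection results, so cooperation between analyzers places little load on the network and has little effect on the real-time performance of detection.
Keywords: firewall, intrusion detection, linkage technology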
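Item (3) takes the BM algorithm and its shift table as the baseline. The block below is an added example, not code from the thesis and not the EBM algorithm: it implements the Horspool simplification of Boyer-Moore (bad-character shift table only) and counts byte comparisons against a naive scan. The signature names, signatures, payload and function names are constructed for illustration.

```python
# Added example: Horspool simplification of Boyer-Moore, not the thesis's EBM algorithm.

def build_shift_table(pattern: bytes) -> dict:
    """Map each byte (final byte excluded) to its distance from the pattern end."""
    m = len(pattern)
    return {pattern[i]: m - 1 - i for i in range(m - 1)}

def horspool_search(text: bytes, pattern: bytes):
    """Return (offset of first match or -1, number of byte comparisons)."""
    m, n = len(pattern), len(text)
    if m == 0 or m > n:
        return -1, 0
    shift = build_shift_table(pattern)
    comparisons, pos = 0, 0
    while pos <= n - m:
        j = m - 1
        while j >= 0:                      # compare right to left
            comparisons += 1
            if text[pos + j] != pattern[j]:
                break
            j -= 1
        if j < 0:
            return pos, comparisons
        # Slide by the table entry for the byte under the window's last position.
        pos += shift.get(text[pos + m - 1], m)
    return -1, comparisons

def naive_search(text: bytes, pattern: bytes):
    """Left-to-right scan that advances one byte per window, for comparison."""
    comparisons = 0
    for pos in range(len(text) - len(pattern) + 1):
        for j in range(len(pattern)):
            comparisons += 1
            if text[pos + j] != pattern[j]:
                break
        else:
            return pos, comparisons
    return -1, comparisons

# Constructed sample signatures and payload (not taken from the thesis).
SIGNATURES = {"passwd-read": b"/etc/passwd", "win-shell": b"cmd.exe"}
PAYLOAD = b"GET /index.php?file=../../etc/passwd HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

def scan(payload: bytes) -> dict:
    """Return {signature name: offset} for every signature found in the payload."""
    found = {name: horspool_search(payload, sig)[0] for name, sig in SIGNATURES.items()}
    return {name: off for name, off in found.items() if off != -1}

if __name__ == "__main__":
    print(scan(PAYLOAD), horspool_search(PAYLOAD, b"/etc/passwd"), naive_search(PAYLOAD, b"/etc/passwd"))
```

On the sample payload the shift table lets the matcher skip most window positions, so it reaches the match with far fewer byte comparisons than the naive scan.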
Abstract
With the development of networks, it is important to protect the network by improving and innovating network security and protection. Many kinds of network technologies exist today, among which firewalls and intrusion detection systems (IDS) are widely applied; when they are used separately to protect network security, however, they are not sufficient to solve the security problem. Uniting these two security protection systems into an integral protection mechanism is therefore an interesting issue. This paper starts from their respective advantages and disadvantages, discusses the necessity and feasibility of uniting them, and presents the corresponding methods and algorithms in detail. The major issues addressed in this paper are as follows.
(1) An open interface is used to design a novel interactive mechanism. In this mechanism, the firewall can use the distributed IDS to find new attack actions beyond its security policies. On the other hand, the IDS may interdict attack actions from external networks. Thus, a feasible and effective protection mechanism is formed to improve the performance of network security. The IDS is configured with distributed detection, distributed analysis, and central management, which may improve detection efficiency and response speed. Since the detection report with severa