Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

WANG Xiaodong,ZHU Miaoliang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.055

2005-01-01

Abstract:This paper puts forward an intellective network safe guard system based on a multi-agent system structure. The purpose of the system is to defend the intrusion of campus-wide network. It is based on IDXP and the focus is blackboard. This system can deal with multi-levels and many ways of anti-intrusions, which has self-determination. It is proved to have a good performance by spot tests.

郑凯元,叶茂,赵欣

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.36.020

2008-01-01

Abstract:With the development of World Wide Web network,the network risk occurs here and there around of us. Our information risks various intrusions and computer virus. To observe and prevent the intrusions is on the edge,a new network security technology called IPS came forth these years. The IPS can detect and prevent network intrusions in time. A Winpcap based IPS(WNIPS) includ-ing the design and implementation is present in this paper. The WNIPS will capture net packets via the NDIS,and then detect in-trusions by analyzing and statistic. It can update the firewall rules while detecting the intrusions,taking the advantage this function,the WNIPS can detect and prevent all the known intrusions and some unknown intrusions.

Ruey-Maw Chen,Kuo-Ta Hsieh

DOI: https://doi.org/10.1002/dac.1289

2011-06-01

International Journal of Communication Systems

Abstract:Dependence on the Internet is increasing dramatically. Therefore, many researchers have given great attention to the issue of how to tighten Internet security. This study proposes a new scheme for the distributed intrusion prevention system (DIPS), in which the concept of ‘union’ is presented for satisfying the increasing requirements of Internet security issues. In this proposed design, the network intrusion detection system (NIDS) applies a misuse detection technique to detect well‐known intrusion behavior on the Internet. Meanwhile, for anomaly detection technique, a tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to reveal previously undiscovered intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service (DDoS) attacks inside the protected allied network is also covered. To increase the detection accuracy, reduction of false positives and false negatives is also accomplished. Experimental results reveal that the suggested network security system scheme is effective and efficient in resolving the intrusion activity problem of real network environments. Copyright © 2011 John Wiley & Sons, Ltd. In this work, a new system scheme of the allied distributed intrusion prevention system was implemented to meet the increasing Internet security issues. A network intrusion detection system (NIDS) applies misuse detection technique to detect well‐known intrusion behaviors on the Internet. Meanwhile, for anomaly detection technique, a designed tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to find out new intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service attacks inside the protected allied network is also designed. To increase the detection accuracy, reducing false positive and false negative are also accomplished.

telecommunications,engineering, electrical & electronic

黄爱蓉,向郑涛,陈宇峰,董亚波

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.18.047

2009-01-01

Abstract:Faced with increasingly serious issue of network security,focus on cutting off the malicious host’s harm,to overcome the shortcomings of malicious host isolation technologies,a hosts quarantine system with cooperation support in LAN is proposed and implemented to quarantine local malicious hosts.The quarantine system can cooperate with the manager and the detection devices who is authorized.When obtaining the malicious host’s IPs,the quarantine system will immediately break up the communication between malicious hosts and the gateway using ARP masquerade technology.Thus the spreading of harm from the LAN to the outside network will be prevented.The results show that the quarantine effect is obvious and the quarantine system makes a minor impact on the LAN.

WANG Zhu,DAI Yi-qi

2012-01-01

Abstract:With the development of computer network,there come a lot of security threats.LAN is a basic unit of network functionality,and its security is very important and significant.A Multi-level Security Local Area Network System(MSLANS) based on BLP model is proposed,which with transparent computing system as the platform,conforms with the requirements of security infrastructure.By introducing the security policy server and dynamic monitoring switch into the system,and embedding modules into terminal computers to monitor the user's operations and login procedures,the secure LAN system could thus accomplish the centralized control and protection of the operations within the terminal computers.

陈丽丽,李卫,管晓宏,祝春华

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.06.035

2004-01-01

Abstract:NIDS (Network Intrusion Detection System) as an important security protection tool has become a hotspot for research. We introduce the basic concept of IDS and its primary components and common classification first, then we present the framework of a net-based IDS and its implementation in detail. We put forward our views about the current research of IDS and its prospect last.

Guangfeng Guo,Junxing Zhang,Zhanfei Ma

DOI: https://doi.org/10.2298/csis200206049g

2021-01-01

Computer Science and Information Systems

Abstract:As traditional networks, the software-defined campus network also suffers from intrusion attacks. Current solutions for intrusion prevention cannot meet the requirements of the campus network. Existing methods of attack traceback are either limited to specific protocols or incur high overhead. To protect the data center (DC) of the campus network from internal and external attacks, we propose an Intrusion Prevention System (IPS) based on the coordinated control between the detection engine, the attack traceback agent, and the software-defined control plane. Our solution includes a novel algorithm to infer the best switch port for defending different attacks of varied scales based on the inverse HSA (Header Space Analysis) and the global view of the software-defined controller. The proposed scheme can effectively and timely block the malicious traffic not only protecting victim hosts from attacks but also preventing the whole network from suffering unwanted transmission burden. The proposed IPS is deployed on the bypass of the DC switch and collects network traffic by port mirroring. Compared with the traditional serial deployment, the new design helps defend the DC internal attacks, reduce the probability of network congestion, and avoid the single point of failure. The experimental results show that the overhead of our IPS is very low, which enables it to meet the real-time requirements. The average defense time is between 10 and 14 ms for the data center internal attacks of different scales. For external attacks, the maximum defense time is about 76 ms for a large-scale network with 100 switches.

computer science, information systems, software engineering

WENG Wen-xiang,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.04.035

2009-01-01

Abstract:Network Intrusion Detection and Prevention Systems are full of vitality in the fight against network intrusions.Network Intrusion Prevention System(NIPS)search for certain malicious content based on signatures and filter network traffic.Matching all traffic with these signatures is a challenge to high-speed networks.In this paper,the concept of network intrusion prevention system and its features are described.Then it introduces in detail the composition and structure of Intel High-Speed Network Processor is discussed,and analyzes the basic theory of IPS analyzed.Finally,the NIPS design and an implementation based on Intel High-Speed Network Processor is given.

周麒麟,司天歌,戴一奇

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.01.032

2009-01-01

Abstract:A secure local area network (LAN) was developed based on a dynamic communication monitor to protect illegal visits and prevent information leakages with the LAN keeping in a safe state. The results show that the dynamic communication monitor effectively solves the LAN security problem by monitoring the file access operations from the terminals as well as the LAN communication behavior, and by controlling these activities with no read up and no write down mandatory access control rules.

邵萍,班世敏,彭勤科

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.04.009

2003-01-01

Abstract:This paper establishes a new computer information security module through analyzing the security of computer network.We classify the most critical internet security vulnera-bilities according our module to find the most critical layer of the module.This paper describes the module of this layer by system call,command sequence,key stroke.We realizes a HIDS basing on this module and give the result of the HIDS.

Xiao-ning KANG,Dong-xing JIANG,Cheng ZHANG,Qi-xin LIU,Lin ZHOU,Hai-yan WU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.11.014

2005-01-01

Abstract:Network security is getting more important as the Internet evolves.Attacks like DoS,DDoS have become major attack methods on gigabit networks,not to mention the worms have used up network bandwidth.Traditional IDSes could not handle massive network data efficiently or block detected attacks in time.Focusing on those problems,this paper designed a distributed intrusion detection and blocking system which can run on high-speed networks efficiently,which is also known as IPS(Intrusion Prevention System).

蔡忠闽,彭勤科,管晓宏,孙国基

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.07.028

2002-01-01

Abstract:In this paper we present a multi-layer and defense-in-depth intrusion detection model for networked computer systems with a prototype. In this model, the operations on the protected computer system are monitored by four sensors from different viewpoints. The final judgement is made by combining the results of the individual sensors using information fusion techniques. It is demonstrated that an anomaly behavior can be more easily discovered and false alarms can be effectively reduced using our detection model. The methods to detect intrusions at different layers are also discussed using the experience gained in prototype realization.

Kashif Ishaq,Hafiz Ahsan Javed

2023-08-26

Abstract:The security trade confidentiality, integrity and availability are the main pillar of the information systems as every organization emphasize of the security. From last few decades, digital data is the main asset for every digital or non-digital organization. The proliferation of easily accessible attack software on the internet has lowered the barrier for individuals without hacking skills to engage in malicious activities. An Industrial organization operates a server that (Confluence) serves as a learning platform for newly hired employees or Management training officers, thereby making it vulnerable to potential attacks using readily available internet-based software. To mitigate this risk, it is essential to implement a security system capable of detecting and preventing attacks, as well as conducting investigations. This research project aims to develop a comprehensive security system that can detect attack attempts, initiate preventive measures, and carry out investigations by analyzing attack logs. The study adopted a survey methodology and spanned a period of four months, from March 1, 2023, to June 31, 2023. The outcome of this research is a robust security system that effectively identifies attack attempts, blocks the attacker's IP address, and employs network forensic techniques for investigation purposes. The findings indicate that deploying Snort in IPS mode on PfSense enables the detection of attacks targeting e-learning servers, triggering automatic preventive measures such as IP address blocking. The alerts generated by Snort facilitate investigative actions through network forensics, allowing for accurate reporting on the detrimental effects of the attacks.

Cryptography and Security

Lu Yu,Richard R. Brooks

DOI: https://doi.org/10.1007/978-3-319-75683-7_15

2017-09-22

Abstract:With the rapid development of Internet and the sharp increase of network crime, network security has become very important and received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantages of the system weaknesses. We propose a hybrid network security scheme including intrusion detection systems (IDSs) and honeypots scattered throughout the network. This combines the advantages of two security technologies. A honeypot is an activity-based network security system, which could be the logical supplement of the passive detection policies used by IDSs. This integration forces us to balance security performance versus cost by scheduling device activities for the proposed system. By formulating the scheduling problem as a decentralized partially observable Markov decision process (DEC-POMDP), decisions are made in a distributed manner at each device without requiring centralized control. The partially observable Markov decision process (POMDP) is a useful choice for controlling stochastic systems. As a combination of two Markov models, POMDPs combine the strength of hidden Markov Model (HMM) (capturing dynamics that depend on unobserved states) and that of Markov decision process (MDP) (taking the decision aspect into account). Decision making under uncertainty is used in many parts of business and <a class="link-external link-http" href="http://science.We" rel="external noopener nofollow">this http URL</a> use here for security <a class="link-external link-http" href="http://tools.We" rel="external noopener nofollow">this http URL</a> adopt a high-quality approximation solution for finite-space POMDPs with the average cost criterion, and their extension to DEC-POMDPs. We show how this tool could be used to design a network security framework.

Cryptography and Security

LI Fang,L(U) Li-juan,WANG Heng-shan,ZHANG Yuan-qiu

DOI: https://doi.org/10.3969/j.issn.1007-6735.2007.06.013

2007-01-01

Abstract:The network security of teaching affairs management information system(MIS) is detailedly outlined.Some security strategies and methods served for the system are put forward.The key programmes are compiled to complete the functions of limits of authority and client confirmation,record and tracking,communication agreement introduced by TCP/IP,verification of C2 class and alarm system.The network security system of SLTMIS is successfully developed and can be applied in practice.

ZAN Feng-biao,XU Ming-wei,WU Jian-ping

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.02.007

2007-01-01

Abstract:When TCP/IP Protocol suite was originally designed, it did not concern about Mobility and Multi-Homing, and also not provide security and authentication mechanism for hosts. Today it becomes a severe problem of Internet to address Mobility and Multi-Homing. Host Identity Protocol (HIP) becomes one of effective approaches to resolve these problems. In this paper, it introduces HIP architecture and HIP base exchange, and discusses the resolution of Host's Mobility, Multi-Homing and secure communication as well as the migration of traditional systems and legacy applications in detail. The problems of HIP are also presented.

Liang Zhang,Dongxing Jiang,Shixin Xu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.014

2001-01-01

Abstract:Host-network security is a rising marginal technology in the field of computer security. It provides more secure protection for hosts in network environment on the basis of consideration of the network attributes and OS attributes together. In this paper,architecture of host-network security is prosented,and then some key technologies of host-network security is discussed. Finally,the solution of access control in host-network security is given.

LI Gang,XUE Yi-bo,WANG Dong-sheng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2006.11.009

2006-01-01

Abstract:With the improvement of network speed and the more complicated of network intrusion behavior, high speed and high performance network intrusion detection and prevention systems are more and more needed, but most of researches and developments are focused on network intrusion detection systems now. Because of the shortcoming of network intrusion detection system and the advantage of network prevention with real time blocking, network prevention system is more and more welcome and needed. However, network prevention system includes a lot of key technologies and difficulties, practical Gigabit network prevention systems are handful on the market. In this paper, a hardware-based framework for implementing network intrusion prevention system is presented, this framework integrates and implements the functionality of network prevention system.