Network security defense model based on firewall and IPS

2020 ◽  
Vol 39 (6) ◽  
pp. 8961-8969
Author(s):  
Shijie Ding ◽  
Zhiwei Zhang ◽  
Jun Xie
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Detection System ◽  
Reference Value ◽  
Attack Behavior ◽  
Validity And Reliability ◽  
Characteristic Analysis ◽  
Technical Requirements ◽  
Defense Model ◽  
The Government

With the spread of the COVID-19 epidemic, the government has put forward higher requirements for network security and reliability through the flow of network managers and the release of information. Traditional intrusion detection technology and firewall technology cannot effectively defend against DDoS attacks. This paper analyzes the principles and defects of intrusion detection system and firewall. In this paper, the architecture design of intrusion prevention system which integrates audit and network defense functions is proposed. The system optimizes the detection and analysis component of detecting attack behavior according to the special requirements of attack defense task, and adds the module of attack behavior characteristic analysis and defense strategy generation. The policy execution component uses a special defense engine to execute defense policies, providing the system with deep defense capabilities. Experiments show that the validity and reliability of the key modules in the proposed defense model meet the technical requirements. It has a certain reference value to improve the reliability of network management system under the influence of COVID-19 epidemic situation.

scholarly journals Research on Network Security Defense Model Based on Combination Strategy of Firewall and IPS

2021 ◽  
pp. 324-331
Author(s):  
Dafei Wu
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Network Management ◽  
Management System ◽  
Detection System ◽  
Network Management System ◽  
Combination Strategy ◽  
Protection Measures ◽  
Model Based ◽  
Defense Model

Firewall and intrusion detection system are widely used network security protection equipment, which plays a vital role in preventing network attack and intrusion. However, they have inevitable defects, which reduces the protection function provided in actual use. Therefore, in order to further improve network security, this paper designs a new network security protection technology which can integrate the advantages of multiple security technologies and make up for their shortcomings. This paper proposes a network security defense model based on the combination strategy of firewall and IPS. The purpose of policy based intrusion prevention system (pb-ips) is to realize the real combination of security management and network management system. This can take the network management system as the intermediary, integrate the firewall technology and intrusion detection technology, and realize a new network security protection measures.

scholarly journals Intrusion Detection Based on Big Data Fuzzy Analytics

2021 ◽  
Author(s):  
Farah Jemili ◽  
Hajer Bouras
Keyword(s):  
Big Data ◽  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
High Performance ◽  
Detection System ◽  
Training Dataset ◽  
False Alarms ◽  
Massive Datasets ◽  
Detection Rates

In today’s world, Intrusion Detection System (IDS) is one of the significant tools used to the improvement of network security, by detecting attacks or abnormal data accesses. Most of existing IDS have many disadvantages such as high false alarm rates and low detection rates. For the IDS, dealing with distributed and massive data constitutes a challenge. Besides, dealing with imprecise data is another challenge. This paper proposes an Intrusion Detection System based on big data fuzzy analytics; Fuzzy C-Means (FCM) method is used to cluster and classify the pre-processed training dataset. The CTU-13 and the UNSW-NB15 are used as distributed and massive datasets to prove the feasibility of the method. The proposed system shows high performance in terms of accuracy, precision, detection rates, and false alarms.

Campus Network Security Program Based on Snort Network Security Intrusion Detection System

2012 ◽  
Vol 433-440 ◽  
pp. 3235-3240
Author(s):  
Ling Jia
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Collocation Methods ◽  
Campus Network ◽  
Security Risks ◽  
Network Layer ◽  
Defense Strategies

This paper studies the security problems of campus network and summarizes the current on the current security risks and threats that campus network faces, focusing on analysis of attack-defense strategies on DOS network layer, proposing the security program of campus network which uses firewall as well as network security intrusion detection system snort. This paper analyzes the functional advantages of the program and presents in details the setup deployment and collocation methods of network security intrusion detection system based on snort in the campus network, and its application results are also summarized.

ANALISIS NETWORK SECURITY SNORT METODE INTRUSION DETECTION SYSTEM UNTUK OPTIMASI KEAMANAN JARINGAN KOMPUTER

Jursima ◽  
2018 ◽  
Vol 6 (1) ◽  
pp. 1
Author(s):  
Parningotan Panggabean
Keyword(s):  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service

<p><em>Perkembangan teknologi informasi, khususnya jaringan komputer memungkinkan terjadinya pertukaran informasi yang mudah, cepat dan semakin kompleks. Keamanan jaringan komputer harus diperhatikan guna menjaga validitas dan integritas data serta informasi yang berada dalam jaringan tersebut. Masalah yang dihadapi adalah adanya Log Bug yang didapatkan pada komputer server Dinas Lingkungan Hidup Kota Batam yang diindikasikan adanya serangan Denial of Service (DoS) pada komputer tersebut. Berdasarkan masalah diatas maka penulis mencoba membuat sebuah penelitian yang berjudul “Analisis Network Security Snort menggunakan metode  Intrusion Detection System (IDS) untuk Optimasi  Keamanan Jaringan Komputer” dan diharapkan dapat mendeteksi serangan Denial of Service (DoS). Intrusion Detection System (IDS)  adalah sebuah tool, metode, sumber daya yang memberikan bantuan untuk melakukan identifikasi, memberikan laporan terhadap aktivitas jaringan komputer. Aplikasi yang digunakan untuk mendeteksi serangan menggunakan Snort. Snort dapat mendeteksi serangan DoS. Serangan DoS dilakukan dengan menggunakan aplikasi Loic.</em></p>

scholarly journals Building attack detection system base on machine learning

2021 ◽  
Vol 6 (2) ◽  
pp. 018-032
Author(s):  
Rasha Thamer Shawe ◽  
Kawther Thabt Saleh ◽  
Farah Neamah Abbas
Keyword(s):  
Data Mining ◽  
Support Vector Machine ◽  
Network Security ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Attack Detection ◽  
Support Vector ◽  
Data Set ◽  
Kdd Cup 99

These days, security threats detection, generally discussed to as intrusion, has befitted actual significant and serious problem in network, information and data security. Thus, an intrusion detection system (IDS) has befitted actual important element in computer or network security. Avoidance of such intrusions wholly bases on detection ability of Intrusion Detection System (IDS) which productions necessary job in network security such it identifies different kinds of attacks in network. Moreover, the data mining has been playing an important job in the different disciplines of technologies and sciences. For computer security, data mining are presented for serving intrusion detection System (IDS) to detect intruders accurately. One of the vital techniques of data mining is characteristic, so we suggest Intrusion Detection System utilizing data mining approach: SVM (Support Vector Machine). In suggest system, the classification will be through by employing SVM and realization concerning the suggested system efficiency will be accomplish by executing a number of experiments employing KDD Cup’99 dataset. SVM (Support Vector Machine) is one of the best distinguished classification techniques in the data mining region. KDD Cup’99 data set is utilized to execute several investigates in our suggested system. The experimental results illustration that we can decrease wide time is taken to construct SVM model by accomplishment suitable data set pre-processing. False Positive Rate (FPR) is decrease and Attack detection rate of SVM is increased .applied with classification algorithm gives the accuracy highest result. Implementation Environment Intrusion detection system is implemented using Mat lab 2015 programming language, and the examinations have been implemented in the environment of Windows-7 operating system mat lab R2015a, the processor: Core i7- Duo CPU 2670, 2.5 GHz, and (8GB) RAM.

scholarly journals Intrusion Detection Techniques for Secure Communication in Different Wireless Networks

2019 ◽  
Vol 8 (9S2) ◽  
pp. 668-671
Keyword(s):  
Wireless Networks ◽  
Network Security ◽  
Intrusion Detection ◽  
Wireless Lan ◽  
Secure Communication ◽  
Detection System ◽  
Technological Advancement ◽  
Detection Techniques ◽  
Wireless Network Security ◽  
Active Interest

Technological advancement in the design of wireless communication have propelled an active interest in the field of Wireless Networks, Wireless Sensor Networks (WSNs), and Mobile Adhoc Networks (MANETs). Now days the speed and privacy are more reason of concern than the performance. The attacks can occur and there is always a chance that it will be a success. One of the major problems with Wireless Network security is that, all types of attacks are not known, and new ones emerge constantly [6]. Moreover, there is also a range of attacks that can be launched in the different mode, and thus making it more difficult for the Intrusion Detection System (IDS) to detect them. Therefore, main approach in network security is to detect and remove malicious intrusions. In this paper three different techniques have been proposed for securing Wireless LAN, WSNs and MANETs.

Sign in / Sign up

Export Citation Format

Share Document