Linkage method for firewall and intrusion-detection system

An intrusion detection system and firewall technology, applied in the field of network security, can solve problems such as the firewall and IDS not responding well, normal communication being blocked, and the lack of correlation and merging of alarm information, so as to meet the requirements of intelligent network security and improve effectiveness and accuracy.

Inactive Publication Date: 2011-08-24
NORTHEAST DIANLI UNIVERSITY
3 Cites, 6 Cited by

AI Technical Summary

Problems solved by technology

This simple linkage method does not meet the requirements of network effectiveness and accuracy; it only establishes a preliminary network security linkage mechanism, which mainly has the following two problems: (1) The existing linkage between the firewall and the IDS cannot respond well to some network security intrusion events, mainly because of the high false alarm rate of the IDS and the lack of correlation and merging of alarm information, which results in wrong firewall linkage that blocks normal communication.
The rapid growth of security threats has become the background of the entire security world. The traditional security response system that relies on manual analysis of malware features can no longer meet the current security protection needs.

Embodiment Construction

[0015] With reference to Fig. 1: the linkage method of firewall and intrusion detection system of the present invention comprises:

[0016] [1] The alarm information generated by the intrusion detection system is encrypted and transmitted to the front-level information transceiver, where it is decrypted and authenticated;

[0017] [2] Send the alarm information decrypted by the front-level information transceiver to the preprocessor for preprocessing, extract and clean the information records, and standardize the relevant data;

[0018] [3] Send the data preprocessed by the preprocessor to the analyzer for analysis. If the obtained security event level exceeds the predetermined threshold, the analyzer sends a command to the decision maker; otherwise the analysis result of the analyzer is sent to the correlation analyzer;

[0019] [4] Send the correlation analysis results of the correlation analyzer to the risk evaluator, carry out risk assessment on the current netwo...


Abstract

The invention relates to a linkage method for a firewall and intrusion-detection system, and the method is used for network protection and is characterized by comprising the following steps: encrypting and transmitting the alarm information generated by the intrusion-detection system to a forestage information receiver and then sending the alarm information to a preprocessor after decrypting and authenticating the alarm information by the forestage information receiver; performing the preprocessing of extracting and cleaning the information record by the preprocessor and then sending to an analyzer; sending an order to a decider by the analyzer if the acquired safety event level exceeds a preset threshold value, otherwise, sending an analyzed result to a relevance analyzer; performing the relevance analysis by the relevance analyzer and then sending a result to a risk evaluator; performing the risk evaluation on the current network state by the risk evaluator and then sending the acquired risk level of the current network and the network running state parameters to the decider; sending the linked specific information to a backstage information receiver by the decider, performing the related treatment and then sending the result to the firewall for implementing linkage; and centrally auditing an intrusion-detection log of the forestage information receiver and a firewall log of the backstage information receiver and then sending to the relevance analyzer.
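The branching described in the abstract (preprocess, then either command the decider directly or correlate and assess risk first) can be sketched as follows. This is an added example, not code from the patent: the field names, thresholds, merge window and the two-signature rule are all assumptions, and the encrypted transport and log-audit feedback steps are left out.

```python
from collections import defaultdict

# Thresholds and field names are assumptions; the page gives no concrete values.
SEVERITY_THRESHOLD = 7   # analyzer: above this, command the decider directly
MERGE_WINDOW = 60        # correlation analyzer: merge window in seconds
RISK_THRESHOLD = 10      # risk evaluator: merged score needed for linkage

def preprocess(raw_alerts):
    """Extract, clean and standardize records; drop malformed and duplicate ones."""
    out = set()
    for a in raw_alerts:
        try:
            out.add((int(a["ts"]), a["src"].strip(), a["sig"].strip().lower(), int(a["sev"])))
        except (KeyError, ValueError, TypeError, AttributeError):
            continue
    return sorted(out)

def correlate(records):
    """Merge alerts from one source that arrive within MERGE_WINDOW of each other."""
    groups = defaultdict(list)
    for ts, src, sig, sev in records:
        g = groups[src]
        if g and ts - g[-1]["last"] <= MERGE_WINDOW:
            g[-1]["last"] = ts
            g[-1]["score"] += sev
            g[-1]["sigs"].add(sig)
        else:
            g.append({"src": src, "last": ts, "score": sev, "sigs": {sig}})
    return [m for g in groups.values() for m in g]

def decide(raw_alerts):
    """Return the sources the decider would ask the firewall to block."""
    recs = preprocess(raw_alerts)
    block = {r[1] for r in recs if r[3] > SEVERITY_THRESHOLD}  # severe event: fast path
    for m in correlate([r for r in recs if r[3] <= SEVERITY_THRESHOLD]):
        # Two distinct signatures required, so one noisy rule cannot block a host.
        if m["score"] >= RISK_THRESHOLD and len(m["sigs"]) >= 2:
            block.add(m["src"])
    return block

# Constructed sample alerts (documentation address ranges): ts, src, sig, sev.
SAMPLE = [dict(zip(("ts", "src", "sig", "sev"), r)) for r in [
    (100, "203.0.113.5", "sql-injection", 9), (100, "198.51.100.7", "port-scan", 4),
    (130, "198.51.100.7", "ssh-bruteforce", 4), (150, "198.51.100.7", "ssh-bruteforce", 4),
    (100, "192.0.2.10", "http-anomaly", 3), (100, "192.0.2.10", "http-anomaly", 3),
    (110, "192.0.2.10", "http-anomaly", 3), (120, "192.0.2.10", "http-anomaly", 3),
    (130, "192.0.2.10", "http-anomaly", 3), ("bad", "192.0.2.99", "x", 3)]]
```

On the sample, the host that repeatedly trips a single low-severity rule reaches the risk score but is not blocked, which is the false-alarm case the description says causes wrong linkage.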

Description

Technical field

[0001] The invention relates to the technical field of network security, and relates to a linkage method of a firewall and an intrusion detection system.

Background technique

[0002] With the development of computer technology and the wide application of the Internet, the hidden dangers of network security are becoming more and more serious. In daily work, ensuring network security and system security has been promoted to an important position. Using an intrusion detection system (IDS) or a firewall on its own cannot respond to network security events quickly, accurately and effectively. Once an abnormal situation occurs, it can only be handled manually, and the work efficiency is very low. At present, the linkage technology is a simple linkage between IDS and firewall. This simple linkage method does not meet the requirements of network effectiveness and accuracy, but only establishes a preliminary network security linkage mechanism, which mainly h...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 郭晓利, 曲朝阳, 娄建楼, 阚运奇, 王蕾, 董如意, 崔宏杰
Owner: NORTHEAST DIANLI UNIVERSITY