A Performance Analysis Method for Intrusion Prevention System

doi:10.3969/j.issn.1671-1122.2015.09.011

Abstract

Abstract: Intrusion prevention system (IPS) is a crucial defensive measure against malicious attacks to information system. However, the improper IPS configuration can have a negative impact on network performances in terms of end-to-end delay or packets loss. Most researchers mainly focus on putting forward new IPS and analyzing the different methodologies, but ignoring the research of quantitative analysis on IPS. By analyzing the system as a quasi-birth-and -death process, this paper obtains the steady probabilities distribution to compute some important indices by establishing a two-dimensional Markov chain model. The experimental results prove that the general analytical method can effectively evaluate the performances of IPS, and also testify the correctness of the model indirectly.

Key words: intrusion prevention system, Markov chain mode, performance analysis

CLC Number:

TP309

LIU Wei, LI Quan-lin, RUI Li. A Performance Analysis Method for Intrusion Prevention System[J]. 信息网络安全, 2015, 15(9): 46-49.

References

[1] 曾颖.军队级入侵防御系统中数据通信与监控技术研究[D].成都：电子科技大学,2012.
[2] 赵婷,吴其聪.入侵检测产品及入侵防御产品现状[J].信息网络安全,2007,（3）:39-40.
[3] 陈观林,冯雁,王泽兵.分布式无线入侵防御系统预先决策引擎研究[J].电信科学. 2010,（10）：80-86.
[4] 舒泽萍,张鹰.基于分布式联动技术的网络安全分析[J].信息网络安全,2007,(7):24-26.
[5] Agarwal M,Biswas S, Nandi S. Detection of De-authentication Denial of Service attack in 802.11 networks[EB/OL].http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6726015&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Ficp.jsp%3Farnumber%3D6726015,2015-05-20.
[6] Dr. Alaa Al-hamami,Tahani Alawneh. Developing a Host Intrusion Prevention System by Using Data Mining[C]// 2012 International Conference on Advanced Computer Science Applications and Technologies:409-413.
[7] 刘杰,方勇,李哲,等. 基于主机的入侵检测系统分析[J].信息网络安全,2002,(9):30-31.
[8] Ekgapark Wonghirunsombat, Teewalee Asawaniwed, Vassapon Hanchana, et al. A Centralized Management Framework of Networkbased Intrusion Detection and Prevention System[C]// 2013 10th International Joint Conference on Computer Science and Software Engineering (JCSSE)183-188.
[9] 万召文,徐慧.具有认知功能的入侵防御系统研究与设计[J].计算机工程与设计,2013,34 （10）：3431-3435.
[10] 李刚,薛一波,汪东升.一个千兆网络入侵防御系统的设计与实现[J].小型微型计算机系统,2006,27（11）：2025-2029.
[11] Tomášek M, Čajkovský M, Klimek I. Cloud-Centric Application Tracing and User Monitoring Intrusion Prevention System[C]//INES 2013 · IEEE 17th International Conference on Intelligent Engineering Systems · June 19-21, 2013, Costa Rica:339- 343.
[12] Yudai Kato, Yuji Makimoto, Hironori Shirai, et al. Monitoring Library Function-based Intrusion Prevention System with Continuing Execution Mechanism[C]//2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing:548-554.
[13] 李艺颖,邓皓文,王思齐,等. 基于机器学习和NetFPGA的智能高速入侵防御系统[J].信息网络安全,2014,(2):12-19.
[14] Wattanapongsakorn N, Wonghirunsombat E, Assawaniwed T, et al. A Network-based Internet Worm Intrusion Detection and Prevention System[EB/OL].http://xueshu.baidu.com/s?wd=A+Network-based+Internet+Worm+Intrusion+Detection+and+Prevention+System&rsv_bp=0&tn=SE_baiduxueshu_c1gjeupa&rsv_spt=3&ie=utf-8&f=8&rsv_sug2=1&sc_f_para=sc_tasktype%3D%7BfirstSimpleSearch%7D&rsv_n=2,2015-05-20.
[15] Wattanapongsakorn N, Srakaew S, Wonghirunsombat E, et al. A Practical Network-based Intrusion Detection and Prevention System[C]//2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications:209-214.
[16] 郑林,陈蜀宇,石振明.基于贝叶斯分类的入侵防御系统报警研究[J].计算机工程与设计. 2008,29（14）：3620-3622.
[17] Muna Elsadig, Azween Abdullah, Brahim Belhaouari Samir. Immune Multi Agent System for Intrusion Prevention and Self Healing System Implement a Non-Linear Classification[EB/OL]. http://www.researchgate.net/publication/224171611_Immune_multi_agent_system_for_intrusion_prevention_and_self_healing_system_implement_a_non-linear_classification,2015-05-20.
[18] Yaping Jiang, Junlin Chang. Intrusion Prevention System Base on Immune Vaccination[C]//2009 Second International Conference on Intelligent Computation Technology and Automation:350-353.
[19] 潘仰峰,刘渊.基于数据挖掘的入侵防御研究[J].计算机工程与设计,2007,28（1）：56-58.
[20] 张焕,曹万华,冯力,等.一种基于邻近距离的分布式入侵防御系统模型[J].计算机科学,2009,36（9）：55-58.
[21] David Mudzingwa, Rajeev Agrawal. A study of Methodologies used in Intrusion Detection and Prevention Systems (IDPS)[EB/OL]. http://www.researchgate.net/publication/234082442_A_study_of_methodologies_used_in_intrusion_detection_and_prevention_systems_(IDPS),2015-05-20.
[22] Padmashani R, Shiju Sathyadevan, Devi Dath. BSnort IPS[C]//2012 12th International Conference on Intelligent Systems Design and Applications (ISDA):46-49.
[23] Cheng-Yuan Ho, Yuan-Cheng Lai, I-Wei Chen, et al. Statistical Analysis of False Positives and False Negatives from Real Traffic withIntrusion Detection/Prevention Systems[J]. IEEE Communications Magazine, 2012,(3):146-154.
[24] 周熠.网络攻击方法剖析与防卫措施的研究与探讨[J].信息网络安全,2007,(9):37-40.
[25] 李天目,仲伟俊,梅妹娥.入侵防御系统管理和配置的检查博弈分析[J].系统工程学报,2008,（5）：589-595.