An Efficient and Reliable Security Co-Defense System

K.-M. Yu, W. Ouyang, and L.-M. Huang (Taiwan)

Keywords

IDS, IDP, Snort, security network, embedded system

Abstract

Conventional intrusion detection systems (IDS) examine packets going through the network and filter out suspicious, potentially malicious packets. When attacks happen, the IDS sends warning messages to the administrator. However, an IDS can only passively detect and block packets that are identifiable at the application layer. More recently, intrusion prevention systems (called IPS or IDP) have been proposed as an improvement. An IDP actively detects and blocks packets. Both IDS and IDP are set up on network backbones, so their hardware and software requirements need to be at enterprise level. Centralized control, which is preferred in IDS and IDP, is also expensive to manage. This study proposes a distributed IDP defense system with modulated control and high efficiency to resolve the issues of high cost, heavy hardware load, and complicated configurations of a normal IDP system.
