Enhanced automated intrusion prevention in network security

摘要

An automated Intrusion Prevention Mechanism (AIPM) which comprises the functionalities of IDS, IPS, and auto configuring network devices is proposed to enhance network security. AIPM is a mechanism that includes automated intrusion prevention function and automated analysis of intrusion messages function. In addition, the ability of automatically detecting and analyzing network traffic allows AIPM to detect malicious attacks in almost real time. Likewise, the ability of automatically analyzing intrusion messages and network configuration enable AIPM to build a topological view and locate the source of a malicious attack. Results from the case studies show that AIPM imposes lower overhead than conventional method, which queries all pre-defined routers to block every interface irrespective of where the attack is launched. In summary, AIPM which incorporates the functionalities of IDS/IPS offers network protection against potential malicious acts without incurring additional overheads as compare to the conventional method.