Abstract:

With the rapid development of Internet, some intelligent attack methods and techniques are increasing. The network is easily attacked by hackers or malicious software. The safty problem is increasingly outstanding in computer network. The traditional technologies of firewalls and Intrusion Detection Systems (IDSs) own poor security, high false alarm rate, and low level of intelligence. Considering the demands of obtaining integrity and dynamics in network security, a novel linkage system model of firewall and IDS based on open communication platform of ACE (Adaptive Communication Environment) and SSL (Secure Socket Layer) is proposed. This system model combines the advantages of firewall and IDS, and uses the encrypted information transmission mechanism, and the policy management mechanism, and the associated linkage analysis algorithms to ensure the reliability, integrity and confidentiality of the transmitted information. Experimental results show that the linkage system can effectively prevent network from attacks, and possesses better cooperativeness, universalness and expansibility.:

Key words: network security；intrusion detection system；firewall； linkage；middleware