Server sensors are installed on protected servers and protect specific
network services such as HTTP, SMTP, POP3, etc. Several server sensors can be
installed on one host. In contrast to network sensors, server sensors can prevent
network attacks by filtering potentially dangerous data packets. Server
sensors implement the intrusion detection model described in Section 3 of
the paper. The common structure of IPS “Forpost” is depicted in Fig. 7.
Fig. 7. Common structure of Intrusion Detection and Prevention System “Forpost”
Testing of IPS “Forpost” demonstrated that the developed intrusion detection
model can effectively detect network attacks with a low number of false negatives and
false positives. The IPS was tested by means of specialized attack simulation tools [5]
in a heterogeneous network environment. At present, IPS “Forpost” has been successfully
introduced in a number of computer systems of commercial and state enterprises such
as the Central Election Committee of Russia, the Ministry of Justice, the Committee of Financial
Monitoring of the Russian Federation, etc.
5 Conclusion
The development of intrusion detection models is currently one of the most rapidly
evolving fields of information security. The main types of signature-based and
behavior-based models were considered in this paper. Based on the disadvantages of
existing models, a new intrusion detection model was developed. This model uses state
machine-based formal grammars and makes it possible to detect and prevent anomalous
network traffic related to information attacks. The developed model can detect both known and
new types of network attacks. The described approach was illustrated by an example
model designed for the detection of attacks on Web servers. The developed model
was implemented in the Intrusion Detection and Prevention System “Forpost”, which
was successfully introduced in a number of computer systems.
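
The idea summarized above, a state machine that accepts only traffic matching a grammar and filters everything else, can be sketched for the HTTP request line as follows. This is an added example, not the paper's model or Forpost code; the grammar, the method list, the character set, the length bound and the names `check_request_line` and `server_sensor` are assumptions made for illustration.

```python
import string

# Assumed grammar (illustrative, not the paper's):
#   METHOD SP TARGET SP "HTTP/1.0" | "HTTP/1.1"
METHODS = {"GET", "HEAD", "POST"}
TARGET_CHARS = set(string.ascii_letters + string.digits + "/._-~?=&%")
VERSIONS = ("HTTP/1.0", "HTTP/1.1")
MAX_TARGET = 256  # assumed bound on target length

def check_request_line(line):
    """Run the state machine over one request line; return (accepted, reason)."""
    state, method, target, version = "METHOD", "", "", ""
    for ch in line:
        if state == "METHOD":
            if ch == " ":
                if method not in METHODS:
                    return False, "method not in grammar"
                state = "TARGET"
            elif ch in string.ascii_uppercase and len(method) < 8:
                method += ch
            else:
                return False, "illegal character in method"
        elif state == "TARGET":
            if ch == " ":
                if not target.startswith("/"):
                    return False, "target must start with '/'"
                state = "VERSION"
            elif ch in TARGET_CHARS and len(target) < MAX_TARGET:
                target += ch
            else:
                return False, "illegal character or overlong target"
        else:  # VERSION: every prefix must still match an allowed version
            version += ch
            if not any(v.startswith(version) for v in VERSIONS):
                return False, "unexpected protocol version"
    if state == "VERSION" and version in VERSIONS:
        return True, "ok"
    return False, "incomplete request line"

def server_sensor(lines):
    """Filter step: pass only request lines the grammar accepts."""
    return [l for l in lines if check_request_line(l)[0]]

# Constructed sample input
SAMPLES = ["GET /index.html HTTP/1.1", "TRACE / HTTP/1.1",
           "GET /search?q=<script> HTTP/1.1", "GET /" + "A" * 300 + " HTTP/1.1"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_request_line(s), s[:40])
```

Because the machine describes what is allowed rather than what is known to be bad, a request that deviates from the grammar is rejected whether or not a signature for it exists.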