Title of invention METHOD FOR DETECTING AND PREVENTING INTRUSIONS IN A COMPUTER NETWORK, AND CORRESPONDING SYSTEM
Abstract The invention relates to a system and a method for detecting and preventing intrusions in a computer network (1), suitable for preventing intrusions by detecting and blocking them before they penetrate the network. The system comprises a firewall (2) capable of analysing data packets (D) streaming over a connection by means of an analysis engine (3) capable of detecting the presence of malicious data. The firewall is capable of correcting and/or deleting the detected malicious data before transmitting the data packets (D) over the network (1). The firewall (2) is capable of operating in a first mode, in which the data packets (D) are allowed to stream over the connection to the network (1), and in a second mode, in which the connection is temporarily blocked. As long as the analysis engine (3) does not detect any malicious data in a data packet (D), the firewall (2) operates in the first mode. When the analysis engine (3) detects the presence of one or more pieces of malicious data in a data packet (D), the firewall (2) switches to the second mode, corrects and/or deletes the malicious data from the data packet (D), resynchronises the connection, and then unblocks the connection in order to return to the first operating mode.
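Publication number FR2977432(B1) Publication date 2013.07.19
Application number FR20110055824 Filing date 2011.06.29
Applicant NETASQ Inventors THOMAS FABIEN;DEVILLE DAMIEN
Classification number H04L29/06 Main classification number H04L29/06
Agency Agent
Main claim
Address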