A DESIGN OF INTRUSION DETECTION AND PROTECTION SYSTEM USING NETFILTER FRAMEWORK

摘要

An intrusion detection and blocking system design using a NetFilter framework is provided to interwork an intrusion detection module with the NetFilter framework to block a packet corresponding to intrusion in the NetFilter framework when the intrusion occurs, thereby minimizing intervention of a manager and coping with the intrusion in real time. An intrusion detection and blocking system uses an algorithm that performs an active detection and blocking function by using a NetFilter. The system suggests a model for effectively blocking intrusion as configuring a rule DB for the intrusion. An intrusion packet monitoring module sets a blocking function by analyzing and filtering an inputted packet. An intrusion blocking information management module copes with the intrusion. An input packet analysis module analyzes and collects packets inputted through a network.