Conference: International conference on information and knowledge engineering

Design of Policy-based Security Management for Intrusion Detection

Abstract

An Intrusion Detection System (IDS) is a next-generation security solution that minimizes the damage of hacking in case a firewall fails to isolate intrusions, and responds to the intrusion dynamically. Legacy security management has difficulty dealing with changes in security environments because it lacks security policies and integrated security methods. To resolve these problems, we need policy-based security management (PBSM) that has standard security policy, consulting, diagnosis, maintenance, and repair functions. It is necessary to monitor and control security services through PBSM. In this paper, we design and implement PBSM for intrusion detection. Our platform consists of a network node, general hosts and a management node. The network node is a security router that performs packet filtering, intrusion detection, intrusion analysis, intrusion response, and policy enforcement. The management node manages the network node and general hosts by security policies. We design the channel between the management node and the network node using Common Open Policy Service (COPS) and IP Security (IPsec). We have applied Java and the web to implement the GUI for PBSM. Java is used to program the user interface for PBSM. Because the proposed system makes use of the web, PBSM is easily accessed remotely through the web in real time. Because the proposed system makes use of the Web, the security management system is easily accessed through the Web.