Characterizing Network Intrusion Prevention System

Deris Stiawan, Abdul Hanan Abdullah, Mohd. Yazid Idris
2011 International Journal of Computer Applications  
In the last few years, the Internet has experienced explosive growth. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased. Attackers continuously find vulnerabilities at various levels, from the network itself to operating systems and applications, and exploit them to crack systems and services. Defense systems and network monitoring have become essential components of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Prevention System (IPS) has additional features to secure computer network systems. In this paper, we present a mapping of the problems and challenges of IPS. When this study was started in late 2000, some models and theories had been developed. Unfortunately, only a few works have mapped the problems in the IPS area, especially in hybrid mechanisms. Throughout this paper, we summarize the main current methods and the promising and interesting future directions and research challenges in the IPS field.

Keywords: Security Threat, Intrusion Prevention System, Mapping Problem IPS

Fig 1: Comparison (a) IDS and (b) IPS

According to some reported work, proposal [4] describes the fundamentals of IDS and IPS: currently IDS can be seen as a traditional second line of defense system, and it is becoming more difficult to apply security access control. On the contrary, IPS can be used to alarm for attacks within a network and to act preventively on attacks with Firewall and IDS function mechanisms. The work in [5] outlines the future trends of IPS functionality, such as: gateway appliance, perimeter defense appliance, all-in-all capability, and network packet inspection/prevention. Figure 1 illustrates the comparison of IPS and IDS. IPS is similar to IDS: it is designed to identify and recognize potential security violations in network streams. However, the primary intrusion prevention uses a signature mechanism to identify activity in network traffic and hosts, performing detection on inbound and outbound packets and blocking that activity before it does damage and accesses network resources. An IPS can be defined as an in-line product that focuses on identifying and blocking malicious network activity in real time [4].
IPS combines the technique of the firewall (data link layer, network layer, transport layer and application layer) with that of the IDS, properly with a proactive technique; it is a new approach system to defense
doi:10.5120/1811-2439 fatcat:pirx3fj76faibm3anbzmhdkx6e