近年來,許多人透過網站來獲取有用的資訊、收發電子郵件、購物等等。網路對我們日常生活已經是不可或缺的。在我們利用網路方便的同時,有許多威脅,像是阻斷攻擊或分散式阻斷攻擊,來破壞網路系統,導致企業或公司財務上的損失。目前有許多入侵偵測系統發展出來保護網路系統,但有時候面對大量的攻擊時,難免會失去它們的偵測能力。 本研究提出一個入侵預防系統,利用Cumulative Sum演算法來偵測從本地端或遠端的攻擊。此系統不僅可以偵測外出網域與轉送的封包來保護遠端重要的系統,也可以偵測進入網域與送往相同網域的內部封包來保護自身網域的安全。實驗結果顯示此系統在防禦環境下可以帶來更高的安全性。 In recent years, networks are essential particularly for our daily life. More and more people access useful information, receive e-mail, purchase high-tech products, etc., through websites. However, when we enjoy network convenience, networks on the contrary also conduct threats for us, like Denial of Service (DoS) and Distributed Denial of Service (DDoS), resulting in bringing us inconvenience or financial loss, e.g., enterprises or companies’ huge amount of financial loss or missing their business opportunities. IDSs can protect network systems. But they often suffer from losing their detection effectiveness and capabilities when processing enormous network traffic. In this article, we proposed an intrusion prevention system, named Cumulative-Sum-based Intrusion Prevention System (CSIPS) which detects malicious behaviors, attacks and distributed attacks launched to local and remote servers/hosts based on intrusion detection techniques and Cumulative Sum (CUSUM) algorithm. Experimental results show that CSIPSs can carry out a higher security level for a united defense environment.
