期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2010
卷号:10
期号:4
页码:289-294
出版社:International Journal of Computer Science and Network Security
摘要:In recent years, Intrusion Prevention System (IPS) has been widely implemented to prevent suspicious threats. Unlike the traditional Intrusion Detection System, IPS has additional features to secure the computer network system. IPS is an access control device with a prevention function, which enforces a network security policy, is a helpful device that allows for more granular blocking action. In this paper, we propose a new prediction and prevention method with behavior-based detection, this method is called pitcher flow. We describes the habitual activity of the performance an overall network with a new algorithm for identifying and recognizing the normal behavior of user activities in the internal network. First, we define behavior activity by duration of activity conducted and active connection. Second, we categorize packets into class/type, identifying parameters by classifying the packets. Finally, we use the pitcher flow mechanism to identify and recognize suspicious threats. This paper also describes an algorithm for the complexity of the suspicious response.