Research and design of NIDS based on Linux firewall

Firewall has many shortages, such as it cannot keep away interior attacks, it cannot provide a consistent security strategy, and it has a single bottleneck spot and invalid spot, etc. Intrusion Detection System (IDS) also has many defects, such as low detection ability, lack of effective response mechanism, poor manageability, etc. If firewall and IDS are integrated, the cooperation of them can implement the network security to a great extent: on the one hand, IDS monitors the network, provides a real-time detection of attacks from the interior and exterior, and automatically informs firewall and dynamically alters the rules of firewall once an attack is found; on the other hand, firewall loads dynamic rules to hold up the intrusion, controls the data traffic of IDS and provides the security protection of IDS. Based on constructing firewall with Iptables in the environment of Linux OS, the respective characters of firewall and IDS are analyzed. Then, the viewpoint of integrating firewall and IDS to realize the network security is proposed, and the application and algorithm of intrusion detection are systemically analyzed and designed.