**1.1 The information system and system security**

An information system is an integrated set of components for collecting, storing, processing, and communicating information. Information systems are more than just computer programs. Though information and communications technologies are playing an increasing role in meeting organisations' information needs, an information system is a much more general concept: it refers to the wider system of people, data and activities, both computer-based and manual, that effectively gather, process, store and disseminate an organisation's information. System security is therefore essential to an information system; in other words, security is the most reliable foundation of an information system.

#### **1.2 The actual condition of information system security**

With the development of the Internet, the world economy has become deeply interconnected. A nation is now like a huge networked computer, and the computer network has become the foundation and lifeline of a nation's economy. As the entire society increasingly relies on network infrastructure, the network security situation has also seriously worsened. Traditional security policies and mechanisms (such as authentication, cryptography and firewalls) find it very difficult to prevent network attacks, and society as a whole needs new technology to solve these problems.

The openness of the network, security holes in network protocols, defects in software: these drawbacks make network security worse and worse. According to recent research and reports, the details and data of network attacks are easy for people to find. The high probability of occurrence makes the problem urgent (Allen et al., 2000).

Cases are known: network security is the most reliable foundation for network applications. Every country, for commercial or military purposes, has spent a great deal on the study of network security. Research on this issue

Although there are various measures to protect safety, they are not the keys to all kinds of attack. For instance:

This chapter presents the corresponding research work on intrusion detection and intrusion prevention in large-scale high-speed network environments and is organised as follows: first, a distributed extensible intrusion prevention system is presented; then various packet-selection models for sampling-based intrusion detection systems are illustrated; next, the design and implementation of a sampling-based high-speed traffic collection platform on FPGAs and the research on a trusted communication protocol for intrusion prevention systems are presented; finally, we draw conclusions.

Intrusion Detection and Prevention in High Speed Network 55

3. Reject – The reject rule type tells iptables to drop the packet; log it via the usual Snort means; and send a TCP reset if the protocol is TCP or an ICMP port unreachable if the protocol is UDP.

#### **2.1.2 Netfilter**

Along with the development of the technology used in Linux firewalls, Netfilter came into being. It is well known that Netfilter is a framework that provides hook handling within the Linux kernel for intercepting and manipulating network packets.

Netfilter is made up of five hook functions for IPv4, IPv6, and IPX. The identifiers of all hooks for each supported protocol are defined in the protocol-specific header file. The following five hooks are defined for IP version 4 in <linux/netfilter\_ipv4.h>:

NF\_IP\_PRE\_ROUTING (default value is 0): incoming packets pass this hook in the ip\_rcv() function (linux/net/ipv4/ip\_input.c) before they are processed by the routing code.

NF\_IP\_LOCAL\_IN (default value is 1): all incoming packets addressed to the local computer pass this hook in the function ip\_local\_deliver().

NF\_IP\_FORWARD (default value is 2): all incoming packets not addressed to the local computer pass this hook in the function ip\_forward().

NF\_IP\_LOCAL\_OUT (default value is 3): all outgoing packets created in the local computer pass this hook in the function ip\_build\_and\_send\_pkt().

NF\_IP\_POST\_ROUTING (default value is 4): this hook in the ip\_finish\_output() function represents the last chance to access all outgoing (forwarded or locally created) packets before they leave the computer over a network device.

There are five return values in the hook functions:

NF\_DROP (default value is 0): The active rules list processing is stopped, and the packet is dropped.

NF\_ACCEPT (default value is 1): The packet is passed to the next packet filter function in the rules list. Once the end of the list has been reached, the packet is released by okfn() for further processing.

NF\_STOLEN (default value is 2): The packet filter function withholds the packet for further processing, so that the active rules list processing is stopped. In contrast to NF\_DROP, however, the packet does not have to be explicitly dropped.

NF\_QUEUE (default value is 3): The function nf\_queue() (net/core/netfilter.c) puts the packet in a queue from which it can be removed and processed (e.g., by a user space program). Subsequently, nf\_reinject() has to be invoked to return the packet to the Linux kernel for further processing by netfilter.

NF\_REPEAT (default value is 4): In contrast to NF\_ACCEPT, rather than a continuation of processing at the next packet-filter function, the current filter function is invoked again.

#### **2.1.3 Iptables**

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
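The following user-space model, added here as an illustration and not code from the chapter or from the Linux kernel, shows how the Netfilter core walks the packet filter functions registered at one hook point (section 2.1.2) and what each of the five verdicts does to that walk. The hook identifiers and verdict numbers are the ones given in the text; the function names nf\_register\_hook(), nf\_hook\_slow() and nf\_reinject() are borrowed from the kernel, but their signatures here, the sorted registration list, the constructed packet structure, the sample hook functions and the demo\_* helpers are all assumptions made for this example, simplified from how the kernel really traverses its hook list.

```c
#include <stdint.h>
#include <stdio.h>

/* Hook points and verdict values, using the numbers given in the text. */
enum { NF_IP_PRE_ROUTING = 0, NF_IP_LOCAL_IN = 1, NF_IP_FORWARD = 2,
       NF_IP_LOCAL_OUT = 3, NF_IP_POST_ROUTING = 4, NF_IP_NUMHOOKS = 5 };
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2, NF_QUEUE = 3, NF_REPEAT = 4 };

/* Constructed packet (assumption): only the fields the sample hook functions
 * inspect. proto 6 = TCP; repeats_left drives the NF_REPEAT demonstration. */
struct pkt { uint8_t proto; uint16_t dport; int repeats_left; };

typedef int (*nf_hookfn)(struct pkt *p);
struct nf_hook_ops { nf_hookfn hook; int priority; };

#define MAX_OPS 8
static struct nf_hook_ops ops_list[NF_IP_NUMHOOKS][MAX_OPS];
static int ops_count[NF_IP_NUMHOOKS];
static int queued_at = -1;      /* index of the function that returned NF_QUEUE */
static int last_queued = 0;     /* set by demo_run() when the packet was queued */

/* Register a hook function, keeping the list sorted by priority (lower runs first). */
int nf_register_hook(int hooknum, struct nf_hook_ops ops)
{
    if (hooknum < 0 || hooknum >= NF_IP_NUMHOOKS || ops_count[hooknum] >= MAX_OPS)
        return -1;
    int i = ops_count[hooknum];
    while (i > 0 && ops_list[hooknum][i - 1].priority > ops.priority) {
        ops_list[hooknum][i] = ops_list[hooknum][i - 1];
        i--;
    }
    ops_list[hooknum][i] = ops;
    ops_count[hooknum]++;
    return 0;
}

/* What the caller of the hook point (e.g. ip_rcv()) sees afterwards. */
enum outcome { OUT_DROPPED, OUT_OKFN, OUT_STOLEN, OUT_QUEUED };

/* Walk the list from index 'start'; *calls counts hook invocations so the
 * effect of NF_REPEAT is observable. */
static enum outcome nf_hook_walk(int hooknum, struct pkt *p, int start, int *calls)
{
    for (int i = start; i < ops_count[hooknum]; i++) {
        (*calls)++;
        switch (ops_list[hooknum][i].hook(p)) {
        case NF_ACCEPT: break;                  /* go on to the next function */
        case NF_DROP:   return OUT_DROPPED;     /* stop; the caller frees the packet */
        case NF_STOLEN: return OUT_STOLEN;      /* stop; the hook now owns the packet */
        case NF_QUEUE:  queued_at = i; return OUT_QUEUED;
        case NF_REPEAT: i--; break;             /* invoke the same function again */
        default:        return OUT_DROPPED;     /* unknown verdict: fail closed (assumption) */
        }
    }
    return OUT_OKFN;                            /* end of list: hand the packet to okfn() */
}

enum outcome nf_hook_slow(int hooknum, struct pkt *p, int *calls)
{
    return nf_hook_walk(hooknum, p, 0, calls);
}

/* Return a queued packet with the verdict decided elsewhere (e.g. in user
 * space). NF_ACCEPT resumes the walk after the function that queued it. */
enum outcome nf_reinject(int hooknum, struct pkt *p, int verdict, int *calls)
{
    int resume = queued_at + 1;
    queued_at = -1;
    return verdict == NF_ACCEPT ? nf_hook_walk(hooknum, p, resume, calls) : OUT_DROPPED;
}

/* Sample hook functions (constructed for this example). */
static int drop_telnet(struct pkt *p)     { return (p->proto == 6 && p->dport == 23) ? NF_DROP : NF_ACCEPT; }
static int queue_http(struct pkt *p)      { return (p->proto == 6 && p->dport == 80) ? NF_QUEUE : NF_ACCEPT; }
static int retry_then_pass(struct pkt *p) { return p->repeats_left-- > 0 ? NF_REPEAT : NF_ACCEPT; }

/* Fresh registration at NF_IP_LOCAL_IN; drop_telnet sorts first although it is added last. */
void setup_demo(void)
{
    ops_count[NF_IP_LOCAL_IN] = 0;
    queued_at = -1;
    nf_register_hook(NF_IP_LOCAL_IN, (struct nf_hook_ops){ retry_then_pass, 10 });
    nf_register_hook(NF_IP_LOCAL_IN, (struct nf_hook_ops){ queue_http, 20 });
    nf_register_hook(NF_IP_LOCAL_IN, (struct nf_hook_ops){ drop_telnet, 0 });
}

/* Run one TCP packet through NF_IP_LOCAL_IN, reinjecting it with NF_ACCEPT
 * if it was queued; returns the outcome and stores the invocation count. */
int demo_run(int dport, int repeats, int *calls)
{
    struct pkt p = { 6, (uint16_t)dport, repeats };
    setup_demo();
    *calls = 0;
    enum outcome o = nf_hook_slow(NF_IP_LOCAL_IN, &p, calls);
    last_queued = (o == OUT_QUEUED);
    if (o == OUT_QUEUED)
        o = nf_reinject(NF_IP_LOCAL_IN, &p, NF_ACCEPT, calls);
    return o;
}
int demo_outcome(int dport, int repeats) { int c; return demo_run(dport, repeats, &c); }
int demo_calls(int dport, int repeats)   { int c; demo_run(dport, repeats, &c); return c; }
int demo_queued(int dport, int repeats)  { int c; demo_run(dport, repeats, &c); return last_queued; }

int main(void)
{
    int c, o;
    o = demo_run(23, 0, &c); printf("tcp/23 -> outcome %d after %d hook calls\n", o, c);
    o = demo_run(22, 2, &c); printf("tcp/22 -> outcome %d after %d hook calls\n", o, c);
    o = demo_run(80, 0, &c); printf("tcp/80 -> outcome %d after %d hook calls\n", o, c);
    return 0;
}
```

Build with `cc -std=c99 -Wall netfilter_model.c` (file name assumed). The three runs show the verdicts in action: the telnet packet is dropped by the first function and the rest of the list never runs; the ssh packet passes all three functions but the NF\_REPEAT function is invoked three times before it accepts; the HTTP packet is queued by the last function and, once reinjected with NF\_ACCEPT, continues after that function rather than starting the list again.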
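To make the relationship between a table's built-in chains and its user-defined chains (section 2.1.3) concrete, here is an added user-space model of chain traversal; it is example code written for this page, not code from the chapter or from iptables itself. It models a constructed filter table with a built-in INPUT chain whose policy is DROP and a user-defined "web" chain; the rule structure, the four targets covered (ACCEPT, DROP, RETURN and a jump to another chain) and the demo\_* helpers are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed packet (assumption): proto 6 = TCP, 17 = UDP. */
struct ipt_pkt { uint8_t proto; uint16_t dport; };

/* Targets modelled: two terminating verdicts, RETURN, and a jump to a user chain. */
enum target { T_ACCEPT, T_DROP, T_RETURN, T_JUMP };

/* A rule matches on protocol and destination port; -1 means "any". */
struct rule { int proto; int dport; enum target target; int jump_chain; };

#define MAX_RULES 8
#define MAX_CHAINS 4
struct chain { const char *name; int builtin; enum target policy;
               struct rule rules[MAX_RULES]; int nrules; };
static struct chain chains[MAX_CHAINS];
static int nchains;

/* Create a chain; only built-in chains carry a policy. Returns its index. */
int ipt_new_chain(const char *name, int builtin, enum target policy)
{
    if (nchains >= MAX_CHAINS) return -1;
    chains[nchains].name = name;
    chains[nchains].builtin = builtin;
    chains[nchains].policy = policy;
    chains[nchains].nrules = 0;
    return nchains++;
}

/* Append a rule to a chain (the equivalent of iptables -A). */
int ipt_append(int chain, struct rule r)
{
    if (chain < 0 || chain >= nchains || chains[chain].nrules >= MAX_RULES) return -1;
    chains[chain].rules[chains[chain].nrules++] = r;
    return 0;
}

static int rule_matches(const struct rule *r, const struct ipt_pkt *p)
{
    return (r->proto < 0 || r->proto == p->proto) && (r->dport < 0 || r->dport == p->dport);
}

/* Walk one chain. Returns T_ACCEPT or T_DROP, or T_RETURN when a user-defined
 * chain ends (or hits RETURN) so the calling chain continues with its next rule.
 * A built-in chain never returns T_RETURN: its policy applies instead. */
enum target ipt_traverse(int chain, const struct ipt_pkt *p, int depth)
{
    const struct chain *c = &chains[chain];
    if (depth > MAX_CHAINS) return T_DROP;       /* loop guard; iptables refuses chain loops at load time */
    for (int i = 0; i < c->nrules; i++) {
        const struct rule *r = &c->rules[i];
        if (!rule_matches(r, p)) continue;
        if (r->target == T_ACCEPT || r->target == T_DROP) return r->target;
        if (r->target == T_RETURN) break;
        enum target v = ipt_traverse(r->jump_chain, p, depth + 1);   /* T_JUMP */
        if (v != T_RETURN) return v;             /* terminating verdict inside the user chain */
        /* the user chain fell through: continue with the next rule in this chain */
    }
    return c->builtin ? c->policy : T_RETURN;
}

/* Constructed filter table: INPUT (policy DROP) sends all TCP traffic to a
 * user-defined "web" chain that accepts only ports 80 and 443. */
int demo_input_chain(void)
{
    nchains = 0;
    int input = ipt_new_chain("INPUT", 1, T_DROP);
    int web   = ipt_new_chain("web", 0, T_DROP);           /* policy unused: user chain */
    ipt_append(web,   (struct rule){ 6, 80,  T_ACCEPT, -1 });
    ipt_append(web,   (struct rule){ 6, 443, T_ACCEPT, -1 });
    ipt_append(input, (struct rule){ 6, 22,  T_ACCEPT, -1 });
    ipt_append(input, (struct rule){ 6, -1,  T_JUMP,   web });
    ipt_append(input, (struct rule){ 17, 53, T_ACCEPT, -1 }); /* TCP reaches this only after "web" returns */
    return input;
}

/* Verdict for one constructed packet against the table above. */
enum target demo_verdict(int proto, int dport)
{
    struct ipt_pkt p = { (uint8_t)proto, (uint16_t)dport };
    return ipt_traverse(demo_input_chain(), &p, 0);
}

int main(void)
{
    printf("tcp/443  -> %d (0 = ACCEPT, 1 = DROP)\n", demo_verdict(6, 443));
    printf("tcp/8080 -> %d\n", demo_verdict(6, 8080));
    printf("udp/53   -> %d\n", demo_verdict(17, 53));
    printf("udp/5353 -> %d\n", demo_verdict(17, 5353));
    return 0;
}
```

The point the model makes is the one that matters when reviewing a ruleset: a user-defined chain that reaches its end without a terminating target does not drop or accept anything, it hands control back to the rule after the jump, and only the built-in chain's policy decides what happens to packets nothing else matched. Here TCP port 8080 is dropped by the INPUT policy, not by the "web" chain.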
