入侵检测系统作为防火墙的合理补充。在银行网络安全防御系统应用中提供了主

Intrusion detection systems serve as a reasonable complement to firewalls. In the application of the bank's network security defense system, it provides the role of active network protection, which can automatically detect patterns in network traffic that may involve potential intrusions, attacks and abuses. Intrusion detection also greatly reduces management and ensures network security. With the required level of training and timing, with these capabilities, intrusion detection addresses most of the challenges of overall network security and policy compliance. In theory, intrusion detection systems can be divided into network-based intrusion detection and host-based intrusion detection. Network-based intrusion detection is installed in places where network information passes through centrally, such as central switches, hubs, etc., to collect and analyze all the passing network data, and respond to attack behaviors. Host-based intrusion detection is installed on protected hosts, collects information, and responds to host attacks. However, most of the current major commercial systems use a mixture of technologies, and they cannot simply be classified as network-based or host-based, or misuse-based or anomaly-based, and many systems not only have intrusion detection and response functions, but also It has strong functions of network management and network communication statistics. <br>(3) The structure of the bank intrusion detection system <br>The intrusion detection system shown in Figure 5.1. Intrusion detection systems are installed on each network segment and important servers to protect the security of the entire banking system. In order to make up for the shortcomings of conventional intrusion detection systems against specific types of attacks, an intrusion detection system based on network security logs is configured in the bank's network security defense system. More to prevent our machine from becoming an attacker's puppet host.

Intrusion detection system as a reasonable supplement to firewall. In the application of bank network security defense system, it provides the function of actively protecting the network. It can detect the potential intrusion, attack and abuse patterns in the network traffic At the same time, intrusion detection reduces the training level and time required to manage and ensure network security to a great extent. Through these functions, intrusion detection solves most of the problems of compatibility between overall network security and policy. Theoretically, intrusion detection system can be divided into network-based intrusion detection and host based intrusion detection. Network based intrusion detection is installed in the places where network information passes through, such as central switch and hub. It collects and analyzes all network data and responds to attacks. Host based intrusion detection is installed on the protected host to collect information and respond to host attacks. However, at present, most of the main commercial systems use a variety of technologies, which can not be simply classified as network-based or host based, or based on misuse or anomaly. Moreover, many systems not only have the function of intrusion detection and response, but also have strong functions of network management and network communication statistics.<br>（3） Structure of bank intrusion detection system<br>The intrusion detection system shown in Figure 5.1. Intrusion detection system is installed on each network segment and important server to protect the security of the whole banking system. In order to make up for the shortcomings of the conventional intrusion detection system against specific types of attacks, at the same time, an intrusion detection system based on network security log is configured in the bank network security defense system, which can prevent our machine from becoming the puppet host of the attacker under the condition of protecting our network from external attacks.

Intrusion detection system is a reasonable supplement to firewall. In the application of the bank's network security defense system, it provides an active role in protecting the network, which can detect the patterns that may involve potential intrusion, attack and abuse in the network traffic in vain. At the same time, intrusion detection greatly reduces the training level and time required for managing and ensuring the network security. Through these functions, intrusion detection solves most of the problems that the overall network security is compatible with policies. Theoretically, intrusion detection system can be divided into network-based intrusion detection and host-based intrusion detection. Network-based intrusion detection is installed in places where network information passes centrally, such as central switches, hubs, etc., and collects and analyzes all the network data passing through, and responds to attacks. Host-based intrusion detection is installed on protected hosts, collecting information and responding to host attacks. However, at present, most of the main commercial systems use a mixture of technologies, and they cannot be simply classified as network-based or host-based, or misuse-based or anomaly-based. Moreover, many systems not only have intrusion detection and response functions, but also have strong functions of network management and network communication statistics. (C) the structure of bank intrusion detection system The intrusion detection system shown in Figure 5.1. Intrusion detection systems are installed on every network segment and important servers to protect the security of the whole banking system. In order to make up for the shortcomings of the conventional intrusion detection system when fighting against specific types of attacks, an intrusion detection system based on network security log is deployed in the bank network security defense system, so as to prevent our computer from becoming the puppet host of the attacker while protecting our network from external attacks.