1. Field
The present invention relates to an information security protection host. More particularly, the information security protection host of the present invention can, according to one or more operating systems running on itself and the network services provided by those operating systems, choose sets of verification rules, which correspond to different operating systems or to network services provided by the operating systems, from a plurality of verification rules to verify a received packet. This avoids verifying packets related to different operating systems against one identical set of verification rules.
2. Descriptions of the Related Art
Owing to the rapid development of the Internet, more and more enterprises now provide various network services (e.g., Web page services, email services and File Transfer Protocol (FTP) services) by deploying hosts. However, while the Internet makes it convenient for people to transmit information, it also makes it possible for some people to intrude into the hosts to steal or tamper with the data stored therein. Therefore, to protect data in the hosts, almost all hosts have an intrusion detection system (IDS) installed to detect various intrusion events.
Conventional IDSs generally load too many verification rules to verify the content of received packets; even for packets that cannot pose a threat to the operating systems running in the hosts, conventional IDSs still load all verification rules for verification. However, loading too many verification rules significantly compromises system performance and tends to cause false determinations.
Furthermore, the hosts of some enterprises currently use a virtual machine monitor (VMM) device to run a number of different operating systems. Hence, if the VMM device further runs a conventional IDS to verify each packet associated with these different operating systems, the problem of compromised system performance due to loading too many verification rules necessarily becomes more serious.
According to the above descriptions, efforts still have to be made in the art to improve detection performance of an IDS, especially when a VMM device is used in a host to run a number of different operating systems.
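The rule selection described in the Field paragraph, applied to the case of a VMM running several operating systems, as an added example that is not code from the patent. The guest inventory, rule IDs, byte patterns and the fall-back to the full rule set for an unknown destination are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    rule_id: str
    os: str         # operating system the rule applies to, or "any"
    service: str    # network service the rule applies to, or "any"
    pattern: bytes  # byte pattern searched for in the packet payload

@dataclass
class Guest:
    ip: str
    os: str
    services: dict  # listening port -> service name

# Constructed sample rules and guest inventory (hypothetical values).
RULES = [
    Rule("R1", "windows", "http", b"cmd.exe"),
    Rule("R2", "linux", "http", b"/etc/passwd"),
    Rule("R3", "windows", "smb", b"\xffSMB"),
    Rule("R4", "any", "ftp", b"SITE EXEC"),
    Rule("R5", "any", "any", b"\x90" * 16),
]
GUESTS = [
    Guest("10.0.0.10", "linux", {80: "http", 21: "ftp"}),
    Guest("10.0.0.20", "windows", {80: "http", 445: "smb"}),
]

def select_rules(dst_ip, dst_port, guests=GUESTS, rules=RULES):
    """Return only the rules matching the destination guest's OS and service."""
    guest = next((g for g in guests if g.ip == dst_ip), None)
    if guest is None:
        # Assumption: an unknown destination is checked against every rule.
        return list(rules)
    # A port with no known service yields None, so only "any" rules remain.
    service = guest.services.get(dst_port)
    return [r for r in rules
            if r.os in (guest.os, "any") and r.service in (service, "any")]

def verify(dst_ip, dst_port, payload):
    """Return (IDs of matching rules, number of rules actually evaluated)."""
    selected = select_rules(dst_ip, dst_port)
    hits = [r.rule_id for r in selected if r.pattern in payload]
    return hits, len(selected)

if __name__ == "__main__":
    probe = b"GET /scripts/cmd.exe HTTP/1.0\r\n\r\n"  # constructed payload
    print(verify("10.0.0.10", 80, probe))  # Linux guest: Windows rule not loaded
    print(verify("10.0.0.20", 80, probe))  # Windows guest: Windows rule applies
```

The same payload is evaluated against two rules per guest instead of five, and the Windows-only signature produces no alert for the Linux guest, which is the false determination the background attributes to loading every rule.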