Article metrics

  • citations in SCindeks: [2]
  • citations in CrossRef:0
  • citations in Google Scholar:[=>]
  • visits in previous 30 days:3
  • full-text downloads in 30 days:1
article: 1 from 1  
Yugoslav Journal of Operations Research
2008, vol. 18, iss. 1, pp. 109-122
article language: English
document type: unclassified
published on: 07/07/2008
doi: 10.2298/YJOR0801109D
An intrusion prevention system as a proactive security mechanism in network infrastructure
aGeneral Staff of Serbian Armed Forces, Belgrade
bUniversity of Belgrade, Faculty of Organizational Sciences

e-mail: nenad.dulanovic@vj.yu, dane.hinic@vj.yu,


A properly configured firewall is a good starting point in securing a computer network. However, complex network environments that involve higher number of participants and endpoints require better security infrastructure. Intrusion Detection Systems (IDS), proposed as a solution to perimeter defense, have many open problems and it is clear that better solutions must be found. Due to many unsolved problems associated with IDS, Intrusion Prevention Systems (IPS) are introduced. The main idea in IPS is to be proactive. This paper gives an insight of Cobrador Bouncer IPS implementation. System architecture is given and three different Bouncer IPS deployment modes are presented. The Bouncer IPS as a proactive honeypot is also discussed.


intrusion prevention system; bouncer; firewall


Barkett, M. Intrusion prevention systems.
Baumrucker, C., Burton, J., Dentler, S., i dr. (2003) Cisco security professional's guide to secure intrusion detection systems. Syngress Publishing
CSI (2004) Computer crime and security survey 2004
Endorf, C., Schultz, E., Mellander, J. (2004) Intrusion detection & prevention. McGraw-Hill
Sarang, D., Praveen, K., Sproull, T.S., Lockwood, J.W. (2004) Deep packet inspection using parallel bloom filters. IEEE Micro, vol. 24, br. 1, Jan.pp. 52-61
Schuehler, D.V., Moscola, J., Lockwood, J.W. (2004) Architecture for a hardware-based, TCP/IP content-processing system. IEEE Micro, 24(1): 62
Song, H., Lockwood, J.W. (2005) Efficient packet classification for network intrusion detection using FPGA. in: Proceedings of the International Symposium on Field-Programmable Gate Arrays, FPGA '05, Feb 20-22, Monterey, California
Sproull, T., Lockwood, J. (2004) Wide-area hardware-accelerated intrusion prevention systems (WHIPS). in: Proceedings of the International Working Conference on Active Networking (IWAN), Lawrence, Kansas, 27-29 October
Xinidis, K., Anagnostakis, K.G., Markatos, E.P. (2005) Design and implementation of a high performance network intrusion prevention system. in: Proceedings of the 20th International Information Security Conference (SEC 2005), Makuhari-Messe, Chiba, Japan, May 30-June 1