
A Slicing Attack Detection Method Based on Stream-Style Pattern Matching (cited by: 2)

A method of detecting slicing attacks based stream-style pattern match
Abstract: In a traditional intrusion prevention system, the countermeasure against attacks that evade intrusion detection by slicing a TCP stream into small segments is stream reassembly. Current stream reassembly schemes, however, either carry serious system overhead or stop working when the attacker slices the packets small enough. This paper proposes the idea of stream-style pattern matching, which converts the requirement that the stream data be continuous into a requirement that the pattern matching be continuous. On that basis it designs a slicing attack detection method based on stream-style pattern matching that can replace stream reassembly for detecting slicing attacks. Experiments show that the method outperforms traditional stream reassembly in real-time performance, throughput and memory usage.

Source: Journal of Sichuan University (Natural Science Edition), 2012, No. 5, pp. 1024-1030 (7 pages). Indexed in CAS, CSCD and the Peking University Core Journals list.

Funding: National Natural Science Foundation of China (61173159); Ministry of Education Innovation Project, major project cultivation fund (708075); Ministry of Education doctoral program fund (20070610032).

Keywords: intrusion prevention, stream pattern matching, stream reassembly, slicing attack