| 基于NDIS中间驱动的入侵检测 |
| |
| 引用本文: | 李明欣,佘堃.基于NDIS中间驱动的入侵检测[J].计算机工程与设计,2007,28(1):51-52,102. |
| |
| 作者姓名: | 李明欣 佘堃 |
| |
| 作者单位: | 电子科技大学计算机科学与工程学院 四川成都610054 |
| |
| 摘 要: | 为了实现基于NDIS的入侵检测,根据NDIS中间驱动的基本原理,采用微软提供的驱动程序开发包,实现了将数据链路层上的所有原始数据包截获.由于中间驱动深入Windows内核,与硬件关系紧密,具有不可绕开性与协议无关性,所以必须自定义数据包的解析.介绍了实现的关键代码,并根据入侵检测的原理,深入分析各种入侵行为特征和截获的数据包,实现中间驱动和入侵检测相结合,对可能出现攻击和端口秘密扫描进行过滤,来达到入侵检测的目的.
|
| 关 键 词: | 网络驱动接口规范 TCP/IP 网络驱动 以太网 入侵检测 NDIS 中间驱动 入侵检测 drivers intermediate based detection 过滤 扫描 端口 结合 数据包的解析 行为特征 分析 基本原理 代码 无关性 关系 硬件 内核 |
| 文章编号: | 1000-7024(2007)01-0051-02 |
| 修稿时间: | 2005-12-15 |
Intrusion detection based on NDIS intermediate drivers |
| |
| LI Ming-xin,SHE Kun.Intrusion detection based on NDIS intermediate drivers[J].Computer Engineering and Design,2007,28(1):51-52,102. |
| |
| Authors: | LI Ming-xin SHE Kun |
| |
| Affiliation: | College of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China |
| |
| Abstract: | In order to implement intrusion detection based on NDIS,according to NDIS intermediate driver's basic principle,using driver development kit that Microsoft provided,capture all raw data packets at data link layer.Because of NDIS intermediate driver locate inside of Windows kernel,with hardware relation close,can't keep away from and independent of protocol layer,so must self-defining analysis that protocol type.Describing the detailed implement codes,according to detection principle,analyzing in depth various intrusion behaviors and characteristic and raw data packets,combine with NDIS intermediate driverand detection principle,revea-ling attack and port stealth scan might be appear,to achieve the goal of intrusion detection. |
| |
| Keywords: | NDIS TCP/IP network driver ethernet IDS |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
