| 抗IP分片逃避技术的设计与实现 |
| |
| 引用本文: | 刘宝超,张怡,张博锋.抗IP分片逃避技术的设计与实现[J].计算机工程与科学,2015,37(2):213-218. |
| |
| 作者姓名: | 刘宝超 张怡 张博锋 |
| |
| 作者单位: | 国防科学技术大学计算机学院,湖南长沙,410073 |
| |
| 基金项目: | 国家自然科学基金资助项目(61303264);国家863计划资助项目(2012AA013002) |
| |
| 摘 要: | 通过对目前NIDS的检测技术、IP分片形成以及重组机制的分析,发现常用的NIDS的检测方法不能很好地检测包含在IP分片中的攻击特征,这是由于不同的系统对于分片的处理策略是不同的,不能根据NIDS的处理结果推断终端主机的处理结果,从而包含攻击特征的IP分片可以轻松地逃避NIDS的检测。为此,提出了一种针对于抵抗IP分片攻击的方法,通过在NIDS的前端串行地加入一个流量预处理引擎TPE,对IP分片进行预定的规则处理。实验结果表明,此种方法能够有效地抵御90%以上的IP分片攻击。
|
| 关 键 词: | NIDS IP分片重组 IP分片 逃避 流量预处理引擎 |
| 收稿时间: | 2014-09-12 |
| 修稿时间: | 2014-11-16 |
Design and implementation of an anti IP
fragmentation-evasion technique |
| |
| LIU Bao-chao
,
ZHANG Yi
,
ZHANG Bo-feng.Design and implementation of an anti IP
fragmentation-evasion technique[J].Computer Engineering & Science,2015,37(2):213-218. |
| |
| Authors: | LIU Bao-chao ZHANG Yi ZHANG Bo-feng |
| |
| Affiliation: | (College of Computer,National University of Defense Technology,Changsha 410073,China) |
| |
| Abstract: | Analyzing the detection technology of current NIDS,and the mechanism of formation and reassembly of IP fragmentations,we find that the conventional NIDS detection methods can’t detect the attack signatures contained in IP fragmentation very well,which is due to different fragmentation treatment strategies of different systems.Besides,the results of end hosts can’t be deduced from the results of NIDS,so the inconsistent behaviors between NIDS and end hosts,which means there may exist attack signatures in IP fragmentation,can easily evade NIDS detection.Therefore,we propose an anti IP fragmentation evasion method by adding a TPE in the front of NIDS by serial method,which presets rules for IP fragmentation.Experimental results show that our method can effectively resist the IP fragmentation attack by about 90%. |
| |
| Keywords: | NIDS IP fragmentation reassemble IP fragmentation evasion Traffic Preprocess Engine |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
