共查询到20条相似文献,搜索用时 203 毫秒
1.
状态协议分析技术在TCP中的应用 总被引:1,自引:1,他引:1
入侵检测系统已经日益成为网络安全系统的重要组成部分,成为网络安全必不可少的的一部分。其核心技术就是针对攻击所采用的检测技术。就目前而言网络攻击以拒绝服务攻击居多,而拒绝服务攻击大多数都与TCP相关,因此,应根据TCP的有关特性设计出相应的检测方法。文中介绍了TCP报文的封装情况、TCP报文段格式规定和TCP连接中的“三次握手”协议。然后在此基础上,从状态协议分析的角度出发,对与TCP相关的“TCP SYN洪水”攻击进行描述,并提出了相应的解决办法。 相似文献
2.
李继良 《数字社区&智能家居》2007,(18)
随着互联网的迅速普及和应用的不断发展,各种黑客工具和网络攻击手段也随之倍出,网络攻击导致网络和用户受到侵害,其中分布式拒绝服务DDoS以其攻击范围广、隐蔽性强、简单有效等特点成为常见的网络攻击技术之一,极大地影响网络和业务主机系统的有效服务.其中的TCP DDoS它利用了传统协议中三次握手协议的不安全性,向互联网服务器发送大量的报文.由于服务器接收大量无效的报文,而使得正常的报文无法得到及时响应.如何检测这种攻击发生以及如何降低这种攻击所带来的后果已成为目前安全界研究的热点问题. 相似文献
3.
DDoS下的TCP洪流攻击及对策 总被引:6,自引:0,他引:6
分布式拒绝服务攻击(DDoS)是近年来出现的一种极具攻击力的Internet攻击手段,而TCP洪流攻击是其最主要的攻击方式之一。本文提出了一种针对TCP洪流攻击的本地攻击检测-过滤LADF机制,其部署于受害者及其上游ISP网络。该机制综合使用了一种基于信息熵的异常检测技术、SYN-cookie技术和“红名单”技术来检测攻击报文,最终结合新型防火墙技术,构建起一个完善的本地DDoS防御系统。 相似文献
4.
基于路由器代理的分布式湮没检测系统 总被引:4,自引:0,他引:4
TCP同步湮没是最常见也是最重要的拒绝服务攻击,研究其防范措施对保障网络安全具有重要意义.为弥补状态检测防火墙和基于服务器方案等传统对策的不足,湮没检测系统FDS在叶节点路由器上监控TCP控制分组,根据“SYN-FIN匹配对”协议特性对本地统计信息进行分析以检测攻击.为保护大规模网络,该文将基于代理的分布式入侵检测理论与湮没攻击检测结合,给出了面向硬件的简化系统SFDS.以SFDS作为集成在路由器网络接口的检测代理,提出了一种高性能的分布式湮没检测系统并论述了其全局判决机理. 相似文献
5.
6.
本文首先论述了TCP/IP连接中三次握手协议的原理以及由此产生的拒绝服务攻击的原理、特征,所用的协议与服务以及过去一些防御措施。然后以Intel最新的IXA可编程网络处理器IXP2800为例介绍了Intel网络处理器在解决网络安全问题上采取的一些最新技术,并且叙述了采取Intel网络处理器来解决网络安全的优点。最后提出使用可编程网络处理器来防范拒绝服务攻击的算法和实现方案。 相似文献
7.
基于网络拒绝服务攻击的技术分析与安全策略 总被引:10,自引:1,他引:10
拒绝服务攻击是目前一种常见而有效的网络攻击手段,它通过利用协议或系统中的缺陷或漏洞,采取欺骗或伪装的策略来进行攻击,使受害者因资源耗尽或系统瘫痪而无法向合法用户提供服务。介绍了拒绝服务攻击实施的原理,所利用的相关协议的漏洞,常见的拒绝服务攻击程序,以及拒绝服务攻击的最新进展,并说明了如何结合防火墙和入侵检测系统等手段来制定相应的安全策略以防范其攻击。 相似文献
8.
基于SVM分类器的SYN Flood攻击检测规则生成方法的研究 总被引:2,自引:0,他引:2
洪泛攻击(SYN flood)是目前最常用的拒绝服务攻击之一,它通过发送大量TCP请求连接报文,造成大量的半连接从而消耗网络资源.由于洪泛攻击中所使用的数据包都是正常数据包,又采用了伪IP技术,使得对其的检测和阻断都十分困难.本文分析了洪泛攻击的攻击原理以及检测并阻断攻击困难的原因,提出了二次检测的防御方法,先用SVM异常检测分类器检测出攻击报文.再依据报文相似度生成误用检测规则从而阻断攻击报文.试验结果表明这种方法对SYN flood攻击的检测效果明显。 相似文献
9.
10.
随着网络应用的普及和深入,拒绝服务攻击对网络安全的威胁日益增加。文章介绍了DoS/DDoS攻击原理及常用的攻击手段,提出 了一种基于Linux网关的DoS/DDoS防护系统的设计与实现。在这个系统中,设置了反扫描跟踪、TCP连接监控、状态检测、入侵检测与防护4 道关卡,有效地抵御了常见的网络扫描与DOS/DDOS攻击。 相似文献
11.
ABSTRACTIntrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threat both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network. 相似文献
12.
在分析传统入侵检测系统不足的基础上,提出了基于Linux操作系统的DoS攻击检测和审计系统。网络安全检测模块通过统计的方法检测内网发起的DoS攻击行为,网络行为规范模块过滤用户对非法网站的访问,网络行为审计模块则记录内网用户的非法行为。实验证明,相比传统的入侵检测系统,该系统能够有效地检测出DoS攻击,并能规范网络用户行为和有效审计非法网络行为。 相似文献
13.
Mehdi Merouane 《Automatic Control and Computer Sciences》2017,51(1):13-23
Nowadays, Denial of Service (DoS) attacks have become a major security threat to networks and the Internet. Therefore, even a naive hacker can launch a large-scale DoS attack to the victim from providing Internet services. This article deals with the evaluation of the Snort IDS in terms of packet processing performance and detection. This work describes the aspect involved in building campus network security system and then evaluates the campus network security risks and threats, mainly analyses the attacks DoS and DDoS, and puts forward new approach for Snort campus network security solutions. The objective is to analyze the functional advantages of the solution, deployment and configuration of the open source based on Snort intrusion detection system. The evaluation metrics are defined using Snort namely comparison between basic rules with new ones, available bandwidth, CPU loading and memory usage. 相似文献
14.
In the network security system, intrusion detection plays a significant role. The network security system detects the malicious actions in the network and also conforms the availability, integrity and confidentiality of data information resources. Intrusion identification system can easily detect the false positive alerts. If large number of false positive alerts are created then it makes intrusion detection system as difficult to differentiate the false positive alerts from genuine attacks. Many research works have been done. The issues in the existing algorithms are more memory space and need more time to execute the transactions of records. This paper proposes a novel framework of network security Intrusion Detection System (IDS) using Modified Frequent Pattern (MFP-Tree) via K-means algorithm. The accuracy rate of Modified Frequent Pattern Tree (MFPT)-K means method in finding the various attacks are Normal 94.89%, for DoS based attack 98.34%, for User to Root (U2R) attacks got 96.73%, Remote to Local (R2L) got 95.89% and Probe attack got 92.67% and is optimal when it is compared with other existing algorithms of K-Means and APRIORI. 相似文献
15.
16.
Jing Wang Xiangyu Lei Qisheng Jiang Osama Alfarraj Amr Tolba Gwang-jun Kim 《计算机系统科学与工程》2023,45(2):1727-1742
Software-Defined Network (SDN) decouples the control plane of network devices from the data plane. While alleviating the problems presented in traditional network architectures, it also brings potential security risks, particularly network Denial-of-Service (DoS) attacks. While many research efforts have been devoted to identifying new features for DoS attack detection, detection methods are less accurate in detecting DoS attacks against client hosts due to the high stealth of such attacks. To solve this problem, a new method of DoS attack detection based on Deep Factorization Machine (DeepFM) is proposed in SDN. Firstly, we select the Growth Rate of Max Matched Packets (GRMMP) in SDN as detection feature. Then, the DeepFM algorithm is used to extract features from flow rules and classify them into dense and discrete features to detect DoS attacks. After training, the model can be used to infer whether SDN is under DoS attacks, and a DeepFM-based detection method for DoS attacks against client host is implemented. Simulation results show that our method can effectively detect DoS attacks in SDN. Compared with the K-Nearest Neighbor (K-NN), Artificial Neural Network (ANN) models, Support Vector Machine (SVM) and Random Forest models, our proposed method outperforms in accuracy, precision and F1 values. 相似文献
17.
Phurivit SangkatsaneeNaruemon Wattanapongsakorn Chalermpol Charnsripinyo 《Computer Communications》2011,34(18):2227-2235
The growing prevalence of network attacks is a well-known problem which can impact the availability, confidentiality, and integrity of critical information for both individuals and enterprises. In this paper, we propose a real-time intrusion detection approach using a supervised machine learning technique. Our approach is simple and efficient, and can be used with many machine learning techniques. We applied different well-known machine learning techniques to evaluate the performance of our IDS approach. Our experimental results show that the Decision Tree technique can outperform the other techniques. Therefore, we further developed a real-time intrusion detection system (RT-IDS) using the Decision Tree technique to classify on-line network data as normal or attack data. We also identified 12 essential features of network data which are relevant to detecting network attacks using the information gain as our feature selection criterions. Our RT-IDS can distinguish normal network activities from main attack types (Probe and Denial of Service (DoS)) with a detection rate higher than 98% within 2 s. We also developed a new post-processing procedure to reduce the false-alarm rate as well as increase the reliability and detection accuracy of the intrusion detection system. 相似文献
18.
针对网络入侵检测系统的攻击及防御 总被引:3,自引:0,他引:3
Internet的使用越来越广泛,随之而来的网络安全已成为人们关注的焦点。入侵检测系统作为一种对付攻击的有效手段,已为越来越多的单位所采用。然而一旦攻击者发现目标网络中部署有入侵检测系统IDS,那么IDS往往成为他们首选的攻击目标。该文详细分析了针对网络IDS的几种攻击类型,即过载攻击、崩溃攻击和欺骗攻击,以及如何防御这些攻击,这对于IDS的设计具有一定的借鉴意义。 相似文献
19.
20.
Cyber‐Physical Systems (CPSs) are vulnerable to malicious network attacks due to tight combination of cyber‐system and physical system through a more open network communication. In this paper, a guaranteed cost control problem for a CPS under DoS jamming attacks is solved via both state feedback and output feedback methods. Specifically, an energy constraint DoS jammer with clear periodic attack strategy is proposed to attack wireless channel and to degrade the system performance. Without knowing the DoS jammer's attack strategy, a passive attack‐tolerant mechanism is established, and the corresponding state feedback and output feedback controllers are designed to achieve guaranteed cost control for the CPS with inherent packet dropouts under DoS jamming attacks. Finally, numerical examples are presented to demonstrate the effectiveness of the guaranteed cost controllers. 相似文献