| 基于路由器代理的分布式湮没检测系统 |
| |
| 引用本文: | 朱文涛,李津生,洪佩琳. 基于路由器代理的分布式湮没检测系统[J]. 计算机学报, 2003, 26(11): 1585-1590 |
| |
| 作者姓名: | 朱文涛 李津生 洪佩琳 |
| |
| 作者单位: | 中国科学技术大学电子工程与信息科学系,合肥,230027 |
| |
| 基金项目: | 国家自然科学基金项目“面向大规模网络的分布式入侵检测和预警模型”资助 ( 90 10 40 3 0 ) |
| |
| 摘 要: | TCP同步湮没是最常见也是最重要的拒绝服务攻击,研究其防范措施对保障网络安全具有重要意义.为弥补状态检测防火墙和基于服务器方案等传统对策的不足,湮没检测系统FDS在叶节点路由器上监控TCP控制分组,根据“SYN-FIN匹配对”协议特性对本地统计信息进行分析以检测攻击.为保护大规模网络,该文将基于代理的分布式入侵检测理论与湮没攻击检测结合,给出了面向硬件的简化系统SFDS.以SFDS作为集成在路由器网络接口的检测代理,提出了一种高性能的分布式湮没检测系统并论述了其全局判决机理.
|
| 关 键 词: | 分布式湮没检测系统 防火墙 网络攻击 网络安全 入侵检测系统 路由器 计算机网络 |
| 修稿时间: | 2002-07-23 |
A Router-Agent-Based Distributed Flooding Detection System |
| |
| ZHU Wen-Tao LI Jin-Sheng HONG Pei-Lin. A Router-Agent-Based Distributed Flooding Detection System[J]. Chinese Journal of Computers, 2003, 26(11): 1585-1590 |
| |
| Authors: | ZHU Wen-Tao LI Jin-Sheng HONG Pei-Lin |
| |
| Abstract: | TCP SYN flood is one of the most common and most important denial of service attacks. Research against SYN flood is of great value to network security. Traditional countermeasures such as stateful inspection firewalls and other server-based solutions have been proved limited and not very efficient. We present a novel approach based on the Flooding Detection System (FDS), which is installed at the leaf routers. Based on the protocol behavior of TCP SYN-FIN pairs, the FDS detects attacks by monitoring TCP control packets and analyzing the local statistical information. To protect large scale network, we first associate the agent-based distributed intrusion detection with detecting SYN flood attacks. A Simplified Flooding Detection System (SFDS) is then proposed and its algorithm is proved to be hardware-oriented. By integrating the SFDSs as detection agents into network interfaces of the routers, we propose a high-performance distributed flooding detection system and its global decision mechanism is illustrated. |
| |
| Keywords: | SYN flood flooding detection system router agent distributed intrusion detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
