Authors: Gao Lei (高磊)[1], Zhang Deyun (张德运)[1], Md Jahangir Alam, Zhang Jun (张军)[1], Hu Guodong (胡国栋)[1]
Affiliation: [1] School of Electronic and Information Engineering, Xi'an Jiaotong University
Source: Journal of Xi'an Jiaotong University (《西安交通大学学报》), 2006, No. 6, pp. 659-662 (4 pages)
Funding: National Informatization Computer Network and Information Security Fund project (2001-研1-010)
Abstract: Taking a connection-oriented view and using Petri nets as the modelling tool, a TCP protocol anomaly detection model is established. The model is built on the TCP state transition diagram and, following the protocol specification, analyzes the flag bits of transmitted packets systematically, so that malformed packets formed by illegal flag combinations (such as FIN-RST packets) are identified. The model specifies the set of flag bits that may be received in each state and refines the timeout anomalies of each state; on this basis the various anomalies can be detected accurately, defending against both known and unknown illegal behaviour. With this model, not only can known anomalous events be discovered, but unknown vulnerabilities can also be guarded against. Experiments show that the anomalous traffic produced by packets with erroneous flag bits, port scans and DoS attacks accounts for more than 10% of the total traffic on the network.
Classification: TP393 [Automation and Computer Technology: Computer Application Technology]
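As an added example (not code from the paper), a minimal connection-oriented flag checker in the spirit of the model the abstract describes: it rejects illegal flag combinations such as FIN-RST, checks each packet's flags against a per-state receivable set, and reports a stale connection as a timeout anomaly. The per-state sets, transitions and the 60-second timeout are simplified assumptions for illustration, not the sets the paper defines.

```python
from dataclasses import dataclass

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"

# Flag combinations that are never legal in any state (assumption based on
# TCP semantics; the paper's abstract names FIN-RST as the example).
ILLEGAL_COMBOS = [frozenset({FIN, RST}), frozenset({SYN, FIN}), frozenset({SYN, RST})]

# Assumed per-state receivable flag sets (illustrative, deliberately simplified).
RECEIVABLE = {
    "CLOSED":      [frozenset({SYN})],
    "SYN_RCVD":    [frozenset({ACK}), frozenset({RST})],
    "ESTABLISHED": [frozenset({ACK}), frozenset({FIN, ACK}), frozenset({RST})],
    "CLOSE_WAIT":  [frozenset({ACK}), frozenset({RST})],
}

# Assumed state transitions driven by an accepted flag set.
TRANSITION = {
    ("CLOSED", frozenset({SYN})): "SYN_RCVD",
    ("SYN_RCVD", frozenset({ACK})): "ESTABLISHED",
    ("ESTABLISHED", frozenset({FIN, ACK})): "CLOSE_WAIT",
}

@dataclass
class Connection:
    state: str = "CLOSED"
    last_seen: float = 0.0

def check_packet(conn, flags, now, timeout=60.0):
    """Return (verdict, state): verdict is 'ok' or an anomaly label."""
    flags = frozenset(flags)
    for bad in ILLEGAL_COMBOS:            # malformed packet, regardless of state
        if bad <= flags:
            return "malformed:" + "-".join(sorted(bad)), conn.state
    if conn.state != "CLOSED" and now - conn.last_seen > timeout:
        conn.state = "CLOSED"             # stale connection: timeout anomaly
        return "timeout", conn.state
    if flags not in RECEIVABLE[conn.state]:
        return "unexpected-flags-in-" + conn.state, conn.state
    conn.last_seen = now
    conn.state = "CLOSED" if RST in flags else TRANSITION.get((conn.state, flags), conn.state)
    return "ok", conn.state

def run(packets):
    """Replay constructed (time, flags) packets of one connection; return verdicts."""
    conn = Connection()
    return [check_packet(conn, f, t)[0] for t, f in packets]

# Constructed sample: handshake, data, a FIN-RST malformed packet, then a stale ACK.
SAMPLE = [(0.0, {SYN}), (0.1, {ACK}), (0.2, {ACK}), (0.3, {FIN, RST}), (100.0, {ACK})]
```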