Author: Zhang Bingbing (张冰冰)[1]
Affiliation: [1] Microcomputer Office, Heilongjiang Electric Power Hospital, Harbin, Heilongjiang 150090
Source: Electronic Science and Technology (《电子科技》), 2017, No. 9, pp. 169-172, 4 pages
Abstract: Because the Address Resolution Protocol (ARP) is a stateless protocol and any IP-MAC pairing sent by a host is accepted without verification, it can be exploited by malicious hosts in a local area network (LAN). To address this problem, the paper proposes a discrete event system for an intrusion detection system for LAN attacks. Based on ARP packet sequences, a discrete event system model of the LAN is built for the normal and attack states; active ARP detection is used to create different ARP events in the normal and attack states; a discrete event system detector is then constructed, which determines from the detected ARP events whether the LAN is in a normal or attack state. The proposed scheme was successfully implemented on a test platform.
Keywords: local area network (LAN) attack; discrete event system; Address Resolution Protocol (ARP); network security