A SYN Flooding Intrusion Detection Method Based on Fuzzy Logic Rules
Abstract
As intrusion incidents become increasingly rampant, it has become clear that building a security system from a purely defensive standpoint is not enough. Intrusion detection is a newer generation of security technology that follows traditional protective measures such as firewalls and data encryption. An intrusion detection system (IDS) watches computers and network traffic to identify and respond to malicious use of computer and network resources; it detects intrusions from outside and also monitors unauthorized activity by internal users.
    This paper proposes a method for detecting SYN flooding attacks based on fuzzy logic rules. The model relies on extracting the significant features of network packets and then applies a set of fuzzy rules to make the final decision on whether the traffic is an intrusion.