Bo-heung Chung, Jae-Deok Lim, Seungho Ryu, Young-ho Kim, Ki-young Kim
Title: Fragment packet partial re-assembly method for intrusion detection
Published in: 2006 8th International Conference Advanced Communication Technology
Publication date: 2006-05-08
DOI: 10.1109/ICACT.2006.205933 (https://doi.org/10.1109/ICACT.2006.205933)
Citation count: 0
Abstract
This paper proposes a fragment packet partial re-assembly method for intrusion detection. In the proposed method, intrusion detection is performed not on all the fragment packets but on partial fragment packets. When a fragment packet arrives, the packet-matching-buffer, which contains part of the previous fragment packet, is merged with this packet into a single packet-matching-buffer. Pattern matching is then performed on this buffer. Finally, for use with the next packet, a partial region of the current packet is stored in the packet-matching-buffer. These steps give two advantages. The first is that not all fragment packets need to be re-assembled for intrusion detection. The second is that the buffer can be smaller than that needed for full fragment packet re-assembly, and its size is predictable as a constant. The proposed method can be used efficiently to keep attackers' malicious code from evading the intrusion detection system.
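The merge, match and store steps described in the abstract, as an added Python sketch that is not code from the paper. Assumptions: fragments of one datagram arrive in order, the stored partial region is the last (longest signature length minus 1) bytes, and the names `PartialReassemblyMatcher`, `feed` and `scan` are hypothetical.

```python
from typing import Iterable, List, Tuple


class PartialReassemblyMatcher:
    """Match byte signatures across in-order fragments, keeping a fixed-size tail."""

    def __init__(self, signatures: Iterable[bytes]):
        self.signatures = [s for s in signatures if s]
        # Assumption: keep longest-signature-minus-one bytes, the minimum that
        # still catches a signature split across a fragment boundary.
        self.keep = max(len(s) for s in self.signatures) - 1
        self.tail = b""      # the "packet-matching-buffer" carried forward
        self.consumed = 0    # payload bytes seen so far in this datagram

    def feed(self, fragment: bytes) -> List[Tuple[int, bytes]]:
        """Return (stream_offset, signature) for matches completed by this fragment."""
        merged = self.tail + fragment              # step 1: merge
        base = self.consumed - len(self.tail)      # stream offset of merged[0]
        hits = []
        for sig in self.signatures:                # step 2: pattern matching
            pos = merged.find(sig)
            while pos != -1:
                # A match lying wholly inside the old tail was already reported.
                if pos + len(sig) > len(self.tail):
                    hits.append((base + pos, sig))
                pos = merged.find(sig, pos + 1)
        self.consumed += len(fragment)
        # Step 3: store the partial region. Slicing the merged buffer (not just
        # the fragment) keeps context across fragments shorter than `keep`.
        self.tail = merged[-self.keep:] if self.keep else b""
        return sorted(hits)


def scan(fragments: Iterable[bytes], signatures: Iterable[bytes]):
    """Feed every fragment; return (all hits, final buffer size in bytes)."""
    matcher = PartialReassemblyMatcher(signatures)
    hits: List[Tuple[int, bytes]] = []
    for frag in fragments:
        hits.extend(matcher.feed(frag))
    return hits, len(matcher.tail)


if __name__ == "__main__":
    # Constructed sample: both signatures straddle fragment boundaries.
    frags = [b"AAAA/bi", b"n/", b"shBBBBcmd", b".exeCC"]
    print(scan(frags, [b"/bin/sh", b"cmd.exe"]))
```

The buffer never grows past the longest signature length minus one, which is the constant-size property the abstract claims; out-of-order or overlapping fragments are outside what this sketch handles.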