{"title":"基于统计分析的异常访问IP报文特征提取","authors":"S. Oshima, T. Nakashima, Y. Nishikido","doi":"10.1109/IIH-MSP.2007.400","DOIUrl":null,"url":null,"abstract":"To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.","PeriodicalId":385132,"journal":{"name":"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Extraction for Characteristics of Anomaly Accessed IP Packets Based on Statistical Analysis\",\"authors\":\"S. Oshima, T. Nakashima, Y. Nishikido\",\"doi\":\"10.1109/IIH-MSP.2007.400\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.\",\"PeriodicalId\":385132,\"journal\":{\"name\":\"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-11-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IIH-MSP.2007.400\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IIH-MSP.2007.400","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
为了防御DoS (denial of service)攻击,终端服务器或入侵检测系统通常采用访问过滤机制。定义过滤规则的困难在于很难从传入报文中识别正常和异常报文。本文分析了我院接收到的数据包数量,并根据源、目的IP地址和目的端口号对IP数据包进行了特征提取。我们可以清楚地识别出拒绝数据包的国家和提供商,并提取出搜索引擎爬虫的特征。
Extraction for Characteristics of Anomaly Accessed IP Packets Based on Statistical Analysis
To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
