A New Intrusion Detection System Based on Protocol Acknowledgement

Bibliographic details
Main authors: Chundong Wang, Quancai Deng, Qing Chang, Hua Zhang, Huaibin Wang
Format: Conference proceedings
Language: eng
Description
Summary: Pattern matching method has been used in this paper, and intrusion detection method based on protocol acknowledgement is proposed. We analyze how to determine the time interval value of ΔT and the threshold value of N, and the existence of direct proportion relationship between ΔT and N is proved. The protocol acknowledgement module includes packet filtering and state protocol analysis techniques. Packet filtering technology can filter out the packet that the system does not care about to improve the efficiency of intrusion detection and security of the system itself; state protocol analysis technology that captures the data and maps for the state sequence accurately characterizes the process and attack steps of the protocol, which can effectively detect the invasion of multiple data packets collaboration. DDoS attack device is used to simulate the attack in the experiment. Experimental results show that the protocol acknowledgement method can effectively detect the attack that is similar to "TCP SYN FLOOD" and "Ping probe" attacks.
DOI:10.1109/ICMULT.2010.5630320