DocumentCode :
2988788
Title :
A New Intrusion Detection System Based on Protocol Acknowledgement
Author :
Wang, Chundong ; Deng, Quancai ; Chang, Qing ; Zhang, Hua ; Wang, Huaibin
Author_Institution :
Tianjin Key Lab. of Intell. Comput. & Novel Software Technol., Tianjin Univ. of Technol., Tianjin, China
fYear :
2010
fDate :
29-31 Oct. 2010
Firstpage :
1
Lastpage :
4
Abstract :
This paper uses a pattern matching method and proposes an intrusion detection method based on protocol acknowledgement. We analyze how to determine the time interval value ΔT and the threshold value N, and prove that a directly proportional relationship exists between ΔT and N. The protocol acknowledgement module includes packet filtering and state protocol analysis techniques. Packet filtering can filter out packets that the system does not care about, improving both the efficiency of intrusion detection and the security of the system itself. State protocol analysis captures the data and maps it to a state sequence that accurately characterizes the protocol's process and the attack steps, which can effectively detect intrusions carried out through multiple cooperating data packets. A DDoS attack device is used to simulate attacks in the experiment. Experimental results show that the protocol acknowledgement method can effectively detect attacks similar to "TCP SYN FLOOD" and "Ping probe" attacks.
Keywords :
filtering theory; pattern matching; protocols; security of data; DDoS attack device; data packets collaboration; intrusion detection system; packet filtering; pattern matching; protocol acknowledgement; state protocol analysis; state sequence; system security; threshold value; time interval value; Filtering; Floods; IP networks; Intrusion detection; Probes; Protocols; Servers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Multimedia Technology (ICMT), 2010 International Conference on
Conference_Location :
Ningbo
Print_ISBN :
978-1-4244-7871-2
Type :
conf
DOI :
10.1109/ICMULT.2010.5630320
Filename :
5630320