An efficient TCP reassembler mechanism for layer7-aware network intrusion detection/prevention systems

Miyuki Hanaoka, Kenji Kono, Makoto Shimamura, Satoshi Yamaguchi

Research output: Conference contribution

2 Citations (Scopus)

Abstract

Exploiting layer7 context is an effective approach to improving the accuracy of detecting malicious messages in network intrusion detection/prevention systems (NIDS/NIPSs). Unfortunately, layer7-aware NIDS/NIPSs pose crucial implementation issues because they require full TCP/IP reassembly without losing 1) complete prevention, 2) performance, 3) application transparency, or 4) transport transparency. To the best of our knowledge, none of the existing approaches meet all of these requirements. Our store-through does this by forwarding each out-of-order or IP-fragmented packet immediately after copying it even if it has not been checked yet. Although the forwarded packet might turn out to be a part of an attack, the store-through can successfully defend against the attack by blocking one of the subsequent packets. Testing of a prototype in Linux kernel 2.4.30 demonstrated that the overhead of our mechanism is negligible compared with that of a simple IP forwarder even with the presence of out-of-order packets.

Original language: English
Title of host publication: 12th IEEE International Symposium on Computers and Communications, ISCC '07
Pages: 79-86
Number of pages: 8
DOI
Publication status: Published - 2007 12 1
Event: 12th IEEE International Symposium on Computers and Communications, ISCC '07 - Aveiro, Portugal
Duration: 2007 7 1 to 2007 7 4

Publication series

Name: Proceedings - IEEE Symposium on Computers and Communications
ISSN (Print): 1530-1346

Other

Other: 12th IEEE International Symposium on Computers and Communications, ISCC '07
Country: Portugal
City: Aveiro
Period: 07/7/1 to 07/7/4

ASJC Scopus subject areas

  • Software
  • Signal Processing
  • Mathematics(all)
  • Computer Science Applications
  • Computer Networks and Communications
