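Abstract
Intrusion detection systems have increasingly become an important component of network security systems and an indispensable part of network security. Their core technology is the detection technique applied to attacks. At present, most network attacks are denial-of-service attacks, and most denial-of-service attacks are related to TCP; detection methods should therefore be designed around the relevant characteristics of TCP. This paper introduces the encapsulation of TCP segments, the TCP segment format and the "three-way handshake" used in TCP connections. On this basis, from the perspective of stateful protocol analysis, it describes the TCP-related "TCP SYN flood" attack and proposes corresponding countermeasures.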
Intrusion detection systems (IDS) are becoming more and more important in network security systems. The detection technique is the kernel of an IDS. Denial of service (DoS) attacks are the main type of network attack, and most DoS attacks are TCP attacks. It is therefore necessary to design detection measures according to the attributes of TCP. The specification of TCP, as well as its three-way handshake, is introduced in the paper. Based on protocol status analysis, some TCP attack cases are studied and the corresponding countermeasures are presented.
Source
《计算机技术与发展》
2006, Issue 3, pp. 211-212, 216 (3 pages in total)
Computer Technology and Development
Keywords
stateful protocol analysis
intrusion detection
transport-layer control protocol
protocol status analysis
intrusion detection
transfer control protocol