Abstract
The 802.1X protocol has certain vulnerabilities and is susceptible to replay, denial-of-service (DoS) and other attacks. Based on the 802.1X authentication process, this paper abstracts the state transition process of 802.1X authentication and, for functional attacks against 802.1X, constructs an attack state transition mechanism. The structures of 802.11 frames and of Extensible Authentication Protocol over LAN (EAPOL) / Extensible Authentication Protocol (EAP) frames are analyzed; retransmitted frames are removed, and keywords are parsed field by field and stored in a linked list; the EAP frames required for detection, obtained according to the EAPOL/EAP frame format, are stored in a cache. On this basis, a state-machine-based attack detection method for 802.1X is designed. Experimental results show that functional attacks on 802.1X such as replay and DoS attacks can be detected accurately in a real network environment, and that the detection results are effective and consistent.
Source
Journal of Xi'an Jiaotong University
EI
CAS
CSCD
Peking University Core Journal
2010, No. 4, pp. 52-56 (5 pages)
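Funding
National Natural Science Foundation of China (60872009, 60602016)
National High Technology Development Program (2007AA01Z428, 2009AA01Z148)
Major Project of the Anhui Provincial Natural Science Research Program (ZD2008005-2, ZD00904, JK2009A013, JK2009A025)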
Keywords
protocol attack
state transition
detection method