ETRI-Knowledge Sharing Platform


Conference Paper: Fragment Packet Partial Re-assembly Method for Intrusion Detection
Authors
정보흥, 임재덕, 류승호, 김영호, 김기영
Publication date
200602
Source
International Conference on Advanced Communication Technology (ICACT) 2006, pp.120-122
Funded project
06MK1100, Development of a High-Performance Network Information Security System, 손승원
Abstract
This paper proposes the Fragment Packet Partial Re-assembly Method for Intrusion Detection. In the proposed method, intrusion detection is performed not with all the fragment packets but with partial fragment packets. When a fragment packet arrives, the packet-matching-buffer, which contains a partial region of the previous fragment packet, and this packet are merged into a packet-matching-buffer. After this, pattern matching is performed on this buffer. Finally, in preparation for the next packet, the partial region of the current packet is stored in the packet-matching-buffer. These steps give two advantages. The first is that it is not necessary to reassemble all fragment packets for intrusion detection. The second is that the buffer can be smaller than the one needed for full fragment packet re-assembly, and its size is predictable as a constant. The proposed method can be used efficiently to prevent an attacker's malicious code from evading an intrusion detection system.
KSP suggested keywords
Constant Size, Intrusion detection system(IDS), Malicious code, Re-assembly, Used efficiently, pattern matching
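
Added example (not code from the paper or from ETRI): a sketch of the merge, match, store-tail loop the abstract describes. It assumes fragments of one datagram arrive in offset order, that signatures are plain byte strings, and that the retained "partial region" is the longest signature length minus one byte; the class and function names and the sample data are constructed for illustration.

```python
# Added illustration; names, signature and fragments are hypothetical/constructed.
from dataclasses import dataclass, field

@dataclass
class PartialReassemblyMatcher:
    """Match signatures across in-order fragments using a constant-size buffer."""
    signatures: list[bytes]
    carry: bytes = b""   # packet-matching-buffer: tail kept from earlier fragments
    consumed: int = 0    # payload bytes seen before the current fragment
    keep: int = field(init=False)

    def __post_init__(self):
        # Assumption: (longest signature - 1) bytes are enough to catch any
        # signature that straddles a fragment boundary.
        self.keep = max(len(s) for s in self.signatures) - 1

    def feed(self, payload: bytes) -> list[tuple[bytes, int]]:
        """Process one fragment payload; return (signature, stream offset) hits."""
        window = self.carry + payload            # merge buffer and new fragment
        base = self.consumed - len(self.carry)   # stream offset of window[0]
        hits = []
        for sig in self.signatures:
            pos = window.find(sig)
            while pos != -1:
                # A match wholly inside the carry was reported on an earlier call.
                if pos + len(sig) > len(self.carry):
                    hits.append((sig, base + pos))
                pos = window.find(sig, pos + 1)
        self.consumed += len(payload)
        # Store only the tail for the next fragment; memory stays bounded by keep.
        self.carry = window[-self.keep:] if self.keep else b""
        return hits

def scan(fragments: list[bytes], signatures: list[bytes]) -> list[tuple[bytes, int]]:
    """Run every fragment payload of one datagram through a fresh matcher."""
    matcher = PartialReassemblyMatcher(signatures)
    return [hit for frag in fragments for hit in matcher.feed(frag)]

# Constructed sample: one signature split over three fragment payloads.
SIG = b"MALICIOUS"
FRAGS = [b"GET /index?q=MAL", b"IC", b"IOUS&x=1"]

if __name__ == "__main__":
    print("per-fragment match:", any(SIG in f for f in FRAGS))  # False
    print("partial re-assembly:", scan(FRAGS, [SIG]))
```

Out-of-order or overlapping fragments are outside this sketch; it only covers the in-order case.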