ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Conference Paper Fragment Packet Partial Re-assembly Method for Intrusion Detection
Cited 0 time in scopus Download 0 time Share share facebook twitter linkedin kakaostory
Authors
Bo Heung Chung, Jae Deok Lim, Seung Ho Ryu, Young Ho Kim, Ki Young Kim
Issue Date
2006-02
Citation
International Conference on Advanced Communication Technology (ICACT) 2006, pp.120-122
Language
English
Type
Conference Paper
Project Code
06MK1100, The Development of the High Performance Network Security System, Sohn Sung Won
Abstract
This paper proposes the Fragment Packet Partial Re-assembly Method for Intrusion Detection. In the proposed method, intrusion detection is performed detection not with all the fragment packets but with partial fragment packets. If fragment packet comes, packet-matching-buffer which contains the partial part of previous fragment packet and this packet will be merged into a packet-matching-buffer. After this work, pattern matching for this buffer is done. Finally, for the purpose of next packet coming, the partial region of current packet is stored into packet-matching-buffer. With the help of these steps, there are two advantages. The one is that it doesn't need to reassemble all fragment packets for intrusion detection. The other is that the size of buffer can be smaller than all fragment packet re-assembly and can be predictable as a constant size. The proposed method can be used efficiently to prevent malicious code of attacker for avoiding intrusion detection system.
KSP Keywords
Constant Size, Intrusion detection system(IDS), Malicious code, Re-assembly, Used efficiently, pattern matching