
Research and design of enhanced Anti-Xprobe2

Cited by: 2
Abstract: Anti-Xprobe2 defends against Xprobe2 operating system fingerprinting by camouflaging response datagrams. Its original event separation module separates probe traffic from normal traffic using a static data set, which results in a high false alarm rate. To address this, an enhanced Anti-Xprobe2 is proposed: a dynamic event separation module is added that processes probe packets according to their timing characteristics, and the module is described with a Finite State Machine (FSM). Comparative experiments verify the effectiveness of the enhanced Anti-Xprobe2 and show reduced system overhead.
Source: Computer Engineering and Applications (CSCD), 2012, No. 32, pp. 1-4, 112 (5 pages)
Funding: National Natural Science Foundation of China (No. 41171338); Fundamental Research Funds for the Central Universities (No. GK201102009); Shaanxi Normal University Youth Science and Technology Project (No. 201001003)
Keywords: network security; Network Driver Interface Specification (NDIS); operating system (OS) fingerprinting; finite state machine (FSM); enhanced Anti-Xprobe2