Title :
Fragment packet partial re-assembly method for intrusion detection
Author :
Chung, Bo-heung ; Lim, Jae-Deok ; Ryu, Seung-Ho ; Kim, Young-Ho ; Kim, Ki-Young
Author_Institution :
Electron. & Telecommun. Res. Inst.
Abstract :
This paper proposes the fragment packet partial re-assembly method for intrusion detection. In the proposed method, intrusion detection is performed not with all the fragment packets but with partial fragment packets. If the fragment packet comes, the packet-matching-buffer containing the partial part of the previous fragment packet and this packet is merged into a packet-matching-buffer. After this work, pattern matching for this buffer is done. Finally, for the purpose of the next packet, the partial region of the current packet is stored into the packet-matching-buffer. With the help of these steps, there are two advantages. The one is that it doesn´t need to re-assemble all fragment packets for intrusion detection. The other is that the size of buffer can be smaller than all fragment packet re-assembly and can be predictable as a constant size. The proposed method can be used efficiently to prevent malicious code of attackers for avoiding intrusion detection system
Keywords :
pattern matching; security of data; fragment packet partial reassembly method; intrusion detection; malicious attacker code; packet-matching-buffer; partial fragment packets; pattern matching; Assembly; Buffer storage; Change detection algorithms; Delay; Intrusion detection; Merging; Pattern matching; Fragment Packet; Intrusion Detection; Partial Re-assembly;
Conference_Titel :
Advanced Communication Technology, 2006. ICACT 2006. The 8th International Conference
Conference_Location :
Phoenix Park
Print_ISBN :
89-5519-129-4
DOI :
10.1109/ICACT.2006.205933
