Recombining TCP sessions based on finite state machine to detect cyber attackers
| Field | Value |
|---|---|
| Author | Zishuai Cheng, Baojiang Cui, Wenchuan Yang |
| Year of publication | 2019 |
| Subject | 021110 strategic defence & security studies; Finite-state machine; Network packet; Computer science; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Payload (computing); 0211 other engineering and technologies; 02 engineering and technology; Application layer; law.invention; Data flow diagram; law; Spark (mathematics); Internet Protocol; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Session (computer science); business; Computer network |
| Source | ICCSP |
| DOI | 10.1145/3309074.3309084 |
| Description | Attacks in cyberspace are becoming more and more diverse and complex. Many attackers divide the payload of a TCP session into a set of IP packets. Traditional attack detection methods designed around feature-matching algorithms can only analyze a single IP packet; they cannot comprehensively analyze multiple packets. Therefore, the traditional methods cannot effectively detect attacker payloads that are split across multiple packets. Consequently, it is necessary to reassemble packets at the application layer and restore the payload that is distributed over multiple packets. Then the complete attacker payload can be analyzed flexibly. In this work, we propose a TCP session bidirectional data flow reassembly method based on a Finite State Machine (FSM). In addition, we evaluate the performance of our work on the Spark platform. Simulation results show that our method achieves high accuracy and good scalability. |
| Database | OpenAIRE |
| External link | |