| 一种状态检测防火墙的攻击防御机制 |
| |
| 引用本文: | 阎波,李广军. 一种状态检测防火墙的攻击防御机制[J]. 电子科技大学学报(社会科学版), 2005, 0(4) |
| |
| 作者姓名: | 阎波 李广军 |
| |
| 作者单位: | 电子科技大学通信与信息工程学院 成都610054(阎波),电子科技大学通信与信息工程学院 成都610054(李广军) |
| |
| 摘 要: | 讨论了一种在Linux操作系统内核防火墙的攻击防御机制,提出了检测网络攻击的机制和总体架构。在Linux操作系统防火墙的基础上构建了攻击防御框架,针对不同的攻击模式,该框架提供相应的状态检测方法判定攻击的发生并使攻击不能成功。提出的攻击防御体系具有通用、可扩展的特点,可以有效克服传统包过滤防火墙在抗攻击和入侵检测方面的局限性。结果表明:该攻击防御机制可以显著改善防火墙系统的IP安全性。
|
| 关 键 词: | Linux操作系统 状态检测 防火墙 网络攻击 IP安全性 |
An Attack Defense System Based on State Detection Firewall of Linux |
| |
| YAN Bo,LI Guang-jun. An Attack Defense System Based on State Detection Firewall of Linux[J]. Journal of University of Electronic Science and Technology of China(Social Sciences Edition), 2005, 0(4) |
| |
| Authors: | YAN Bo LI Guang-jun |
| |
| Abstract: | The principle of attack defense realized in a firewall embedded in Linux kernel has been discussed. Based on the analysis of characteristic of network attack, the mechanism and architecture of attack defense are built in accordance. Through the introduce of stateful detection, the attack defense framework is built to determine and prevent the deportment of various attack. Thereafter, the architecture of attack-removed system can be expected to be general-purpose and easy to be extended. The performance of the whole firewall system is enhanced because the attack defense system effectively overcomes the limitation of conventional packet-filtering firewall. The experiments for validating the improvement of IP security are given as well as the research work. |
| |
| Keywords: | Linux operate system stateful detection firewall attack IP security |
| 本文献已被 CNKI 等数据库收录! |
