基于统计分析的异常访问IP报文特征提取

Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007) Pub Date : 2007-11-26 DOI:10.1109/IIH-MSP.2007.400

S. Oshima, T. Nakashima, Y. Nishikido

{"title":"基于统计分析的异常访问IP报文特征提取","authors":"S. Oshima, T. Nakashima, Y. Nishikido","doi":"10.1109/IIH-MSP.2007.400","DOIUrl":null,"url":null,"abstract":"To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.","PeriodicalId":385132,"journal":{"name":"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Extraction for Characteristics of Anomaly Accessed IP Packets Based on Statistical Analysis\",\"authors\":\"S. Oshima, T. Nakashima, Y. Nishikido\",\"doi\":\"10.1109/IIH-MSP.2007.400\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.\",\"PeriodicalId\":385132,\"journal\":{\"name\":\"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-11-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IIH-MSP.2007.400\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IIH-MSP.2007.400","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

为了防御DoS (denial of service)攻击，终端服务器或入侵检测系统通常采用访问过滤机制。定义过滤规则的困难在于很难从传入报文中识别正常和异常报文。本文分析了我院接收到的数据包数量，并根据源、目的IP地址和目的端口号对IP数据包进行了特征提取。我们可以清楚地识别出拒绝数据包的国家和提供商，并提取出搜索引擎爬虫的特征。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Extraction for Characteristics of Anomaly Accessed IP Packets Based on Statistical Analysis

To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007)

自引率

0.00%

发文量