TCP/IP Data Normalization
Authors
Abstract
Defending networks against today's attackers is especially challenging for modern intrusion detection/prevention systems for two reasons: the sheer amount of state they must maintain, and the possibility of resource exhaustion attacks on the defense system itself. Our work shows how to cope with these challenges in the context of a TCP stream normalizer whose job is to detect all instances of inconsistent TCP retransmissions.
Similar resources
Implementation of a Software-Based TCP/IP Offload Engine Using Standalone TCP/IP without an Embedded OS
A number of TCP/IP offload engines have been developed to reduce the CPU load of processing TCP/IP, but most of them are implemented in hardware. Although hardware-based TOEs have a high performance, they lack the flexibility to accept changes in the TCP/IP. To preserve flexibility, we implemented a software-based TOE, called HL-TCP (High-performance Lightweight TCP/IP). The HL-TCP is a s...
Design of a Lightweight TCP/IP Protocol Stack with an Event-Driven Scheduler
The traditional TCP/IP protocol stack is associated with shortcomings related to the context-switching overhead and redundant data copying. The software-based TOE (TCP/ IP Offload Engine), also known as lightweight TCP/IP, was developed to optimize the TCP/IP protocol stack to run on an embedded system. In this paper, we propose the design of a lightweight TCP/IP protocol stack that runs on an ...
Evaluating Multipath TCP Resilience against Link Failures
Standard TCP is the de facto reliable transfer protocol for the Internet. It is designed to establish a reliable connection using only a single network interface. However, standard TCP with single interfacing performs poorly due to intermittent node connectivity. This requires the re-establishment of connections as the IP addresses change. Multi-path TCP (MPTCP) has emerged to utilize multiple ...
Design of an Adaptive Model-Predictive Congestion Controller Based on Active Queue Management in TCP Network Routers
Active queue management (AQM), a class of schemes that drop or mark packets in router queues, has been proposed as a new approach to congestion control in TCP/IP networks with end-to-end protocols. Active queue management in TCP/IP network routers aims to make greater use of the available bandwidth and to reduce transmission delay, and it is a feedback-control problem. Given that the dynamics of TCP/IP networks are time-varying and nonlinear...
Active Mapping: Resisting NIDS Evasion without Altering Traffic
A critical problem faced by a Network Intrusion Detection System (NIDS) is that of ambiguity. The NIDS cannot always determine what traffic reaches a given host nor how that host will interpret the traffic, and attackers may exploit this ambiguity to avoid detection or cause misleading alarms. We present a novel, lightweight solution, Active Mapping, which eliminates TCP/IP-based ambiguity in a...