2012, Vol. 39, Issue 3: 149-153+165. doi: 10.3969/j.issn.1001-2400.2012.03.024

• Research Paper •

IP protocol identification method using pattern matching and checksum verification

YANG Jie1; LIU Congfeng2

  1. School of Communication and Information Engineering, Xi'an University of Posts & Telecommunications, Xi'an 710121, China;
  2. Research Institute of Electronic Countermeasures, Xidian University, Xi'an 710071, China
  • Received: 2011-03-24  Online: 2012-06-20  Published: 2012-07-03
  • Corresponding author: YANG Jie
  • About the author: YANG Jie (b. 1976), female, associate professor, E-mail: yangjie@xupt.edu.cn.
  • Funding:

    National Natural Science Foundation of China (61072107); Natural Science Special Research Project of the Shaanxi Provincial Department of Education (11JK1014); Fundamental Research Funds for the Central Universities (JY10000902025); China Postdoctoral Science Foundation (20090451251); Shaanxi Province Industrial Research Project (2009K08-31)

Abstract:

To reduce the probability of false positives and false negatives in an intrusion detection system, and to improve the accuracy of detailed application-layer protocol analysis, an IP protocol identification method for Ethernet frames is proposed that combines a pattern matching algorithm with IP header checksum calculation. The method first pattern-matches the Ethernet frame against the static features of the IP header, and then computes the header checksum to decide whether the frame carries an IP packet. A simulation program run under Visual C++ on a given set of sample data verifies the correctness and reliability of the method, which thereby provides a theoretical basis and an identification algorithm for the identification of upper-layer protocols.

Key words: intrusion detection, IP protocol identification, pattern matching, checksum
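The two-stage decision the abstract describes, written out as an added example in C. This is not the paper's program or data: the sample frames are constructed here (a 42-byte Ethernet II frame carrying IPv4/UDP, the same frame with its TTL altered after the checksum was computed, and an ARP frame), and the verdict names, the thresholds on the static fields and the function names are this example's own choices. Stage one matches the static IPv4 header features (EtherType 0x0800, version nibble 4, IHL of at least 5 words, total length consistent with the frame); stage two recomputes the RFC 791 / RFC 1071 one's-complement header checksum, which must come out to zero over an intact header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IPV4 0x0800
#define IPV4_MIN_HDR   20

enum ip_verdict {
    IP_VERDICT_NOT_IP = 0,       /* stage 1: EtherType or static header features do not match */
    IP_VERDICT_BAD_CHECKSUM = 1, /* stage 2: features match but the header checksum is wrong   */
    IP_VERDICT_IPV4 = 2          /* both stages pass                                           */
};

/* RFC 1071 one's-complement sum over len bytes, returned complemented.
 * Over a complete, intact IPv4 header (checksum field included) the result is 0. */
uint16_t ip_header_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    if (i < len)                         /* odd trailing byte; IHL*4 is always even, kept for generality */
        sum += (uint32_t)hdr[i] << 8;
    while (sum >> 16)                    /* fold carries back into the low 16 bits */
        sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Value the checksum field (bytes 10-11) should hold: recompute with that field zeroed. */
uint16_t expected_checksum_field(const uint8_t *hdr, size_t len)
{
    uint8_t copy[60];                    /* IHL is at most 15 words = 60 bytes */
    if (len < IPV4_MIN_HDR || len > sizeof copy)
        return 0;
    memcpy(copy, hdr, len);
    copy[10] = copy[11] = 0;
    return ip_header_checksum(copy, len);
}

/* Two-stage identification of one Ethernet II frame. */
enum ip_verdict identify_ipv4(const uint8_t *frame, size_t frame_len)
{
    const uint8_t *ip;
    size_t ip_len, ihl_bytes, total_len;

    if (frame_len < ETH_HDR_LEN + IPV4_MIN_HDR)
        return IP_VERDICT_NOT_IP;
    if ((((unsigned)frame[12] << 8) | frame[13]) != ETHERTYPE_IPV4)
        return IP_VERDICT_NOT_IP;
    ip = frame + ETH_HDR_LEN;
    ip_len = frame_len - ETH_HDR_LEN;

    /* Stage 1: static header features (the pattern-matching step). */
    if ((ip[0] >> 4) != 4)
        return IP_VERDICT_NOT_IP;
    ihl_bytes = (size_t)(ip[0] & 0x0Fu) * 4;
    if (ihl_bytes < IPV4_MIN_HDR || ihl_bytes > ip_len)
        return IP_VERDICT_NOT_IP;
    total_len = ((size_t)ip[2] << 8) | ip[3];
    /* total_len may be smaller than ip_len: short frames are padded to 60 bytes on the wire */
    if (total_len < ihl_bytes || total_len > ip_len)
        return IP_VERDICT_NOT_IP;

    /* Stage 2: header checksum, bounded by ihl_bytes so it never reads past the frame. */
    if (ip_header_checksum(ip, ihl_bytes) != 0)
        return IP_VERDICT_BAD_CHECKSUM;
    return IP_VERDICT_IPV4;
}

/* Constructed samples (not from the paper). Ethernet II + IPv4 + 8-byte UDP header, 42 bytes.
 * Header checksum 0xb8b8 is correct for the fields shown (TTL 64, proto 17, 192.168.0.1 -> 192.168.0.199). */
const uint8_t SAMPLE_UDP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x40,0x00, 0x40,0x11,0xb8,0xb8,
    0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7,
    0x04,0xd2,0x00,0x35,0x00,0x08,0x00,0x00
};
/* Same frame, TTL changed 64 -> 63 without updating the checksum: stage 1 passes, stage 2 fails. */
const uint8_t SAMPLE_TAMPERED[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x40,0x00, 0x3f,0x11,0xb8,0xb8,
    0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7,
    0x04,0xd2,0x00,0x35,0x00,0x08,0x00,0x00
};
/* ARP request (EtherType 0x0806): rejected at stage 1 before any checksum work. */
const uint8_t SAMPLE_ARP[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x06,
    0x00,0x01,0x08,0x00,0x06,0x04,0x00,0x01, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0xc0,0xa8,0x00,0x01,
    0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x00,0xc7
};

int main(void)
{
    static const char *names[] = { "not IP", "IPv4 header checksum failed", "IPv4" };
    printf("udp:      %s\n", names[identify_ipv4(SAMPLE_UDP, sizeof SAMPLE_UDP)]);
    printf("tampered: %s\n", names[identify_ipv4(SAMPLE_TAMPERED, sizeof SAMPLE_TAMPERED)]);
    printf("arp:      %s\n", names[identify_ipv4(SAMPLE_ARP, sizeof SAMPLE_ARP)]);
    return 0;
}
```

Two caveats a practitioner should keep in mind when using this as a front-end filter for an IDS: the IPv4 header checksum covers only the header, not the payload, and anyone who crafts the packet can set a correct value, so the second stage rejects corrupted or non-IP frames but does not authenticate anything; and IPv6 has no header checksum at all, so the method as described is specific to IPv4.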