Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (32): 1-4.

• Doctoral Forum •

Research and design of enhanced Anti-Xprobe2

MA Junliang, WANG Xili, HE Juhou, XIAO Bing

  1. School of Computer Science, Shaanxi Normal University, Xi’an 710062, China
  • Online: 2012-11-11 Published: 2012-11-20

Abstract: Anti-Xprobe2 defends against Xprobe2 operating system fingerprinting by camouflaging response packets. Its original event separation module separates probe data by means of a static data set, which results in a relatively high false alarm rate. To address this problem, an enhanced Anti-Xprobe2 method is proposed: a dynamic event separation module is added, which processes probe packets according to their timing characteristics and is described with a Finite State Machine (FSM). Comparative experiments verify the effectiveness of the enhanced Anti-Xprobe2 and show that it reduces system overhead.

Key words: network security, Network Driver Interface Specification (NDIS), Operating System (OS) fingerprinting, Finite State Machine (FSM), enhanced Anti-Xprobe2