Internal tracing method for network attack detection
First Claim
1. An internal tracing method for network attack detection, for testing a network intrusion detection system (IDS), comprising:
- establishing a network topology structure having an attack end point (AEP), a detect end point (DEP), and a target end point (TEP) in a test network;
- installing all types of attack tools and an AEP routine at the AEP, installing a pre-customized Snort IDS and a DEP routine at the DEP, and installing a statistics routine at the TEP;
- the AEP classifying the attack types of attack data packets, and setting a check point for capturing information in the data packets according to the classification information;
- the DEP setting corresponding check points in different phases, storing all setting options to be a script file, and sending the script file to the other end points;
- the AEP sending the attack data packets for test to the DEP or the TEP through the distributed script file, and outputting the check point information to a draft to be stored;
- the DEP monitoring the attack data packets sent from the AEP through a bypass interception mode, and outputting the check point information to a draft in a log mode to be stored;
- the TEP detecting the received attack data packets, recording the logs, and outputting the logs to a draft to be stored; and
- the DEP collecting the drafts from the other end points at the end of the attack task, matching the flow information of each attack data packet in all the drafts, and then generating a final test report upon analysis.
Abstract
An internal tracing method for network attack detection traces the whole life cycle of a test attack data packet through its different phases, such as the attacking phase, the defending phase, and the attacked phase, by configuring and coordinating three parties, an attack end point (AEP), a detect end point (DEP), and a target end point (TEP), and by setting a corresponding internal check point in each party when testing a network intrusion detection system (IDS). In other words, over the whole period in which the test attack data packet is sent, filtered, detected, and finally transmitted to a target host, a tester can clearly know the status and information of the data packet in each important phase, and can therefore generate a test report conveniently, quickly, and accurately.
7 Claims
Claim 1 is set out above under First Claim; claims 2 to 7 are dependent claims.