Vol.39 No.6

Journal of Xi'an Jiaotong University

Jan.2005


Research on the Role-Based Fragment Audit Based on Network Processor
Gao Lei1, Zhang Deyun1, Li Jinku1, Li Qinghai2
(1. School of Electronics and Information Engineering, Xi'an Jiaotong University, Xi'an 710049, China;
2. Northwest Power Ltd. Company, Xi'an 710049, China)

Abstract: A role-based fragment audit model is proposed to solve the following problem: because the fragment reassembly policy differs between operating systems, a network intrusion carried out through IP fragmentation reduces the discernment of security audit systems. The main idea is as follows: while handling malformed fragments, the collected OS classes of the destination hosts are written into a role database. To eliminate fragment semantic ambiguity, fragments are reassembled according to the role information and then transmitted. To improve performance, the BSD-Linux, BSD-right and first pre-forward policies are proposed. Applying the microengine design model of staged pipeline processing, the prototype was implemented on a network processor. Experiments show that the fragment audit model efficiently improves the discernment precision of security audit systems and eliminates fragment semantic ambiguity. With the pre-forward policies, the discernment precision can be maintained at about 90% under heavy processing load.
Keywords: fragment audit; fragment reassembly policy; fragment semantic ambiguity; pre-forward policy; network processor
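As an added illustration (not code from the paper, whose prototype runs on a network processor), the following Python model shows the fragment semantic ambiguity the abstract describes: the same overlapping fragments reassemble to different payloads under different OS overlap policies, so an audit system must choose the policy from the destination host's role. The policy semantics are a simplified per-byte model of the commonly cited descriptions (byte offsets instead of IP's 8-byte units, BSD-right omitted), and the role names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset in the reassembled datagram (assumed unit)
    data: bytes


POLICIES = ("first", "last", "bsd", "linux")

# Constructed mapping from a host's OS class ("role") to its overlap policy.
ROLE_POLICY = {"bsd-like": "bsd", "linux-like": "linux"}


def reassemble(fragments, policy):
    """Reassemble fragments in arrival order; `policy` decides overlaps.
    Simplified model (assumption, not the paper's exact semantics):
      first - bytes already held always win
      last  - the newest fragment always wins
      bsd   - held bytes win unless the new fragment starts at a lower offset
      linux - like bsd, but an equal offset lets the new fragment win
    """
    buf, origin = {}, {}   # byte offset -> value / offset of supplying fragment
    for frag in fragments:
        for i, b in enumerate(frag.data):
            pos = frag.offset + i
            if pos in buf:
                old = origin[pos]
                keep_new = {"first": False, "last": True,
                            "bsd": frag.offset < old,
                            "linux": frag.offset <= old}[policy]
                if not keep_new:
                    continue
            buf[pos], origin[pos] = b, frag.offset
    return bytes(buf[k] for k in sorted(buf))


def is_ambiguous(fragments):
    """True when at least two policies disagree: the audit system cannot
    interpret the datagram without knowing the destination host's policy."""
    return len({reassemble(fragments, p) for p in POLICIES}) > 1


def reassemble_for_role(fragments, role):
    """Resolve the ambiguity the way the abstract proposes: reassemble with
    the policy recorded for the destination host's role."""
    return reassemble(fragments, ROLE_POLICY[role])


# Constructed overlapping fragment set: B arrives first, A and C overlap it.
FRAGS = [Fragment(2, b"BBBBBB"), Fragment(0, b"AAAAAA"), Fragment(0, b"CC")]
```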