西安交通大学学报
西安交通大學學報
서안교통대학학보
JOURNAL OF XI'AN JIAOTONG UNIVERSITY
2010年
4期
52-56
,共5页
协议攻击%状态转移%检测方法
協議攻擊%狀態轉移%檢測方法
협의공격%상태전이%검측방법
protocol attack%state transition%detection method
针对802.1X协议存在一定漏洞且易受重放、拒绝服务等攻击,结合802.1X协议的认证过程,抽象出802.1X协议认证的状态转移过程,同时针对802.1X协议的功能性攻击,构造出一套攻击状态转移机制:分析802.11报文和基于局域网的扩展认证协议(EAPOL)/扩展认证协议(EAP) 报文的结构;剔除出重传的报文,逐个字段解析出关键字并存入链表中;将根据EAPOL/EAP报文格式取得检测所需的EAP报文存入缓存.据此,设计出基于状态机的802.1X的攻击检测方法.实验结果表明,在实际组网环境下的重放/DoS等802.1X功能性攻击能够得到准确的检测,并具有有效、统一的检测结果.
針對802.1X協議存在一定漏洞且易受重放、拒絕服務等攻擊,結閤802.1X協議的認證過程,抽象齣802.1X協議認證的狀態轉移過程,同時針對802.1X協議的功能性攻擊,構造齣一套攻擊狀態轉移機製:分析802.11報文和基于跼域網的擴展認證協議(EAPOL)/擴展認證協議(EAP) 報文的結構;剔除齣重傳的報文,逐箇字段解析齣關鍵字併存入鏈錶中;將根據EAPOL/EAP報文格式取得檢測所需的EAP報文存入緩存.據此,設計齣基于狀態機的802.1X的攻擊檢測方法.實驗結果錶明,在實際組網環境下的重放/DoS等802.1X功能性攻擊能夠得到準確的檢測,併具有有效、統一的檢測結果.
침대802.1X협의존재일정루동차역수중방、거절복무등공격,결합802.1X협의적인증과정,추상출802.1X협의인증적상태전이과정,동시침대802.1X협의적공능성공격,구조출일투공격상태전이궤제:분석802.11보문화기우국역망적확전인증협의(EAPOL)/확전인증협의(EAP) 보문적결구;척제출중전적보문,축개자단해석출관건자병존입련표중;장근거EAPOL/EAP보문격식취득검측소수적EAP보문존입완존.거차,설계출기우상태궤적802.1X적공격검측방법.실험결과표명,재실제조망배경하적중방/DoS등802.1X공능성공격능구득도준학적검측,병구유유효、통일적검측결과.
There are some loopholes in 802. 1X protocol such as replay attacks, DoS (Denial of Service) attacks and so on. The paper presents an state transition process for certification of 802. 1X, and designs an attack state transfer mechanism for functional attacks. The architecture of 802. 11 frames, EAPOL frames and EAP frames are analyzed. The replay frames are deleted and keywords are abstracted and saved from the list of remaining frames one by one. Then the EAP frames which are required for detection are saved in the cache. The security detection method of 802. 1X is designed based on the state transition mechanism. Experimental results show that functional attacks of 802. 1X such as replay/DoS attacks can be detected accurately in real network environments, and the detection is effective and consistent.
