Attack defense system based on state detection firewall of Linux

Bo Yan; Guang Jun Li

Attack defense system based on state detection firewall of Linux

Bo Yan^*, Guang Jun Li

^*Corresponding author for this work

University of Electronic Science and Technology of China

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

The principle of attack defense realized in a firewall embedded in Linux kernel has been discussed. Based on the analysis of characteristic of network attack, the mechanism and architecture of attack defense are built in accordance. Through the introduce of stateful detection, the attack defense framework is built to determine and prevent the deportment of various attack. Thereafter, the architecture of attack-removed system can be expected to be general-purpose and easy to be extended. The performance of the whole firewall system is enhanced because the attack defense system effectively overcomes the limitation of conventional packet-filtering firewall. The experiments for validating the improvement of IP security are given as well as the research work.

Original language	English
Pages (from-to)	509-512
Number of pages	4
Journal	Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China
Volume	34
Issue number	4
Publication status	Published - Aug 2005
Externally published	Yes

Keywords

Attack
Firewall
IP security
Linux operate system
Stateful detection

Cite this

@article{84f5e53fdfea4a4da4791a2345b90b02,

title = "Attack defense system based on state detection firewall of Linux",

abstract = "The principle of attack defense realized in a firewall embedded in Linux kernel has been discussed. Based on the analysis of characteristic of network attack, the mechanism and architecture of attack defense are built in accordance. Through the introduce of stateful detection, the attack defense framework is built to determine and prevent the deportment of various attack. Thereafter, the architecture of attack-removed system can be expected to be general-purpose and easy to be extended. The performance of the whole firewall system is enhanced because the attack defense system effectively overcomes the limitation of conventional packet-filtering firewall. The experiments for validating the improvement of IP security are given as well as the research work.",

keywords = "Attack, Firewall, IP security, Linux operate system, Stateful detection",

author = "Bo Yan and Li, \{Guang Jun\}",

year = "2005",

month = aug,

language = "English",

volume = "34",

pages = "509--512",

journal = "Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China",

issn = "1001-0548",

publisher = "University of Electronic Science and Technology of China",

number = "4",

}

TY - JOUR

T1 - Attack defense system based on state detection firewall of Linux

AU - Yan, Bo

AU - Li, Guang Jun

PY - 2005/8

Y1 - 2005/8

N2 - The principle of attack defense realized in a firewall embedded in Linux kernel has been discussed. Based on the analysis of characteristic of network attack, the mechanism and architecture of attack defense are built in accordance. Through the introduce of stateful detection, the attack defense framework is built to determine and prevent the deportment of various attack. Thereafter, the architecture of attack-removed system can be expected to be general-purpose and easy to be extended. The performance of the whole firewall system is enhanced because the attack defense system effectively overcomes the limitation of conventional packet-filtering firewall. The experiments for validating the improvement of IP security are given as well as the research work.

AB - The principle of attack defense realized in a firewall embedded in Linux kernel has been discussed. Based on the analysis of characteristic of network attack, the mechanism and architecture of attack defense are built in accordance. Through the introduce of stateful detection, the attack defense framework is built to determine and prevent the deportment of various attack. Thereafter, the architecture of attack-removed system can be expected to be general-purpose and easy to be extended. The performance of the whole firewall system is enhanced because the attack defense system effectively overcomes the limitation of conventional packet-filtering firewall. The experiments for validating the improvement of IP security are given as well as the research work.

KW - Attack

KW - Firewall

KW - IP security

KW - Linux operate system

KW - Stateful detection

UR - http://www.scopus.com/inward/record.url?scp=25144514448&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:25144514448

SN - 1001-0548

VL - 34

SP - 509

EP - 512

JO - Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China

JF - Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China

IS - 4

ER -

Attack defense system based on state detection firewall of Linux

Abstract

Keywords

Other files and links

Fingerprint

Cite this