RESEARCH ON IP FLOW FORMAT AND SEMANTIC FORMALIZATION

The robustness of the i mplementation in IPprotocol is the key to ensure the well data trans mis-sion.IPreassemblyis ani mportant module inthe IPprotocol.The IP fragment reassembly policies aredifferent in different OSes.Making use of the char-acter of IPfragment reassembly policy,attackers canevade the detection of audit systemand penetrate thedefense1].However many audit systems just audit IPpackets without reassembly.Even the module offragment reassembly is i mplemented,an audit sys-…

RESEARCH ON IP FLOW FORMAT AND SEMANTIC FORMALIZATION

Malformed packets and overlapping fragments are harmful to Intranet end hosts. A formalization engine was introduced to formalize transit packets and reassemble fragments to eliminate the fragment semantic ambiguity. In the formalization engine, malformed packets are formalized by a packet verification engine layer according to protocol standards. In order to eliminate the fragment semantic ambiguity, OS classes of end hosts were collected by an OS detector, each fragment was reassembled according to its OS class. According to the reassembly algorithm of different OS, the pre-forward fields of the cached data were counted with the application of the preforward policies and were transmitted to save system resource. Applying the BSD-Linux pre-forward policy, the BSD- right pre-forward policy and the First pre-forward policy, the packet loss rate is dropped and system performance improved. The experiments show that the identification precision can be maintained about 90% in heavy processing load.