Container-based Intrusion Detection Method for Cisco IOS-XE
Abstract: The IOS-XE network operating system is widely used in Cisco core routing and switching nodes, so its security is very important. However, its design focuses on fast traffic forwarding and lacks protection for the system itself, which exposes it to significant risk. In addition, existing intrusion detection methods for the traditional IOS system suffer from poor real-time performance, inaccurate detection results and incomplete detection coverage when ported to the IOS-XE system. To strengthen the security of the IOS-XE system, this paper proposes a container-based intrusion detection method for Cisco IOS-XE that deploys a detection container on the router to monitor router state changes and user access requests in real time. It solves the problems of detecting configuration hidden attacks, decrypting the router's HTTPS management traffic and monitoring router state in real time, which enables real-time detection of intrusions into IOS-XE. Experimental results show that the method can effectively detect common attacks against IOS-XE routers, including password guessing, Web injection, CLI injection, configuration hiding and backdoor implantation. Compared with existing detection methods, the proposed method has higher real-time performance and accuracy, and it effectively improves the defense capability of IOS-XE routing devices.
Authors: YANG Pengfei; CAI Ruijie; GUO Shichen; LIU Shengli (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; Information Engineering University, Zhengzhou 450001, China)
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2023, No. 4, pp. 298-307 (10 pages)
Funding: Science and Technology Commission Foundation Strengthening Project (2019-JCJQ-ZD-113).
Keywords: Cisco IOS-XE; Container; Configuration hidden attack; Command injection; Intrusion detection