Research On TCP Sequence Number Prediction Based On Chaotic Time Series

The rapid development of computer science and network technology provides us convenience in the production and livelihood in one hand; it also brings a lot of potential safety problems which can not be ignored in the other hand. These security risks breed a variety of network attack techniques. There are lots of organized attacks against the network every year. The attacks not only cause losses to society, but also likely endanger the country's information security.As the key protocol of Internet protocol suite, TCP adopts a series of measures which include three-way handshake, sliding window checking, retransmission and flow control to supply connection-oriented and reliable byte stream services. However, these complex mechanisms result in protocol flows, such as the pseudo distribution of TCP initial sequence number and the sliding window feature. It is reported that a number of related vulnerabilities are released nowadays, and initiating TCP sequence attack by predicting TCP sequence number have been a serious threat to the computer network security.It has been a long history of TCP sequence attack, but it is difficult to fix the TCP sequence number in the currenct connection, it did not arouse any concern to such attack. However, due to TCP window field feature, in the actual data transmission, it does not require the completely accurate sequence number, as long as the sequence number in the fake packet falls within the scope of the TCP window, the packet can be received normally by the recipient. Therefore, this feature greatly reduces the difficulty of attack. For a long-running TCP connection, an attacker can fake TCP packets to cut off TCP connection, resulting in denial of service attack (DOS).This thesis aims at the pseudo distribution of TCP ISN in current operating systems. Based on the analysis of ISN pseudo-random in TCP protocol stack, we bring chaotic time series predict model in TCP ISN prediction. Combined with the TCP window feature, we achieve TCP Reset attacks. The experiment results indicate that the algorithm has a high predict accuracy, and the method by means of TCP window improves the feasibility of TCP Reset attack.