
The Research And Implementation Of Network Attack Sample Generation Technology

Posted on: 2018-02-03
Degree: Master
Type: Thesis
Country: China
Candidate: W K Liu
GTID: 2348330518995338
Subject: Computer technology

Abstract/Summary:
Frequent network attacks have made network security an important issue. Most traditional defenses against network attacks adopt a passive strategy: the network administrator draws up a security policy and builds a security model that supports it, for example with firewall technology. In practice, however, we need to fully understand and analyze attackers' behavior and move from passively defending against attacks to actively containing them, and network attack sample generation technology is one such active means of containment.

At present, most attack sample generation techniques build an attack scenario, launch an attack with attack tools or malicious code to generate attack traffic, and finally save that traffic as attack sample files. This approach is limited by the constructed attack scenarios, so the attacks often lack diversity and authenticity. Therefore, this paper proposes and implements an attack sample generation system based on intrusion detection technology. The system captures network packets at high speed and caches them, analyzes and inspects the packets accurately, and converts the attack stream into an attack sample.

In this paper, we introduce an intrusion detection system based on intrusion detection technology that implements data preprocessing, packet caching and data stream preservation.
The attack sample generation system captures packets and groups them into data streams according to their five-tuple information: source IP, destination IP, protocol, source port and destination port. It then preprocesses each network data stream, applies a hash function to the stream's five-tuple, and stores the stream in a hash table. The system then inspects the captured packets; when it detects a packet carrying attack features, it writes all network packets cached in the hash table structure to the sample file, generating the attack sample. To avoid wasting hash table memory, the system manages the data streams in the hash table with a most-recently-used timeout strategy and uses a daemon thread to check for timed-out streams; if a stream in the hash table has timed out, it is removed from the hash table.
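
An added example, not code from the thesis, of the five-tuple flow cache described above, with detection-triggered sample output and idle-timeout eviction. The `Packet` tuple, the byte-string `SIGNATURE` standing in for the intrusion detection engine, the 30-second timeout, keying both directions of a connection to one flow, and emitting only the matching flow's packets are assumptions; all packets are constructed.

```python
from collections import OrderedDict, namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport payload")
SIGNATURE = b"CONSTRUCTED-ATTACK-MARKER"  # constructed stand-in for an IDS rule

def flow_key(p):
    """Five-tuple key; endpoints sorted so both directions share a flow (assumption)."""
    a, b = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (a, b, p.proto)

class FlowCache:
    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout
        self.flows = OrderedDict()  # key -> (last_seen, [packets]); oldest first

    def add(self, pkt, now):
        """Cache pkt; if it carries the signature, return the whole flow as a sample."""
        key = flow_key(pkt)
        _, pkts = self.flows.pop(key, (now, []))
        pkts.append(pkt)
        if SIGNATURE in pkt.payload:
            return pkts  # flow leaves the cache; caller writes it to the sample file
        self.flows[key] = (now, pkts)  # re-insert at the most-recently-used end
        return None

    def expire(self, now):
        """Drop flows idle longer than idle_timeout (the daemon thread's job)."""
        removed = 0
        while self.flows:
            key, (last_seen, _) = next(iter(self.flows.items()))
            if now - last_seen <= self.idle_timeout:
                break  # everything after this entry was used more recently
            del self.flows[key]
            removed += 1
        return removed

def demo():
    cache = FlowCache(idle_timeout=30.0)
    benign = Packet("10.0.0.5", "10.0.0.9", "tcp", 40000, 80, b"GET / HTTP/1.1")
    reply = Packet("10.0.0.9", "10.0.0.5", "tcp", 80, 40000, b"HTTP/1.1 200 OK")
    bad = Packet("10.0.0.5", "10.0.0.9", "tcp", 40000, 80, b"x" + SIGNATURE)
    other = Packet("10.0.0.7", "10.0.0.9", "udp", 5353, 53, b"query")
    cache.add(other, now=0.0)
    cache.add(benign, now=1.0)
    cache.add(reply, now=2.0)
    sample = cache.add(bad, now=3.0)   # benign + reply + bad, in capture order
    expired = cache.expire(now=40.0)   # the idle UDP flow is evicted
    return sample, expired, len(cache.flows)
```

Because the cache holds the packets seen before the alert, the emitted sample contains the lead-up traffic of the flow and not only the packet that matched.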
Keywords/Search Tags: Network attack, Intrusion detection system, Sample generation