Network-Level Length-Based Intrusion Detection System

As the transmission of data on the Internet increases, the need to protect connected systems also increases. Most existing network-based signatures are specific to exploit and can be easily evaded. In this paper, the authors proposed generating vulnerability-driven signatures at network level withou...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:I-Manager's Journal on Software Engineering Ročník 5; číslo 2; s. 31 - 36
Hlavní autoři: Jeya, S., Pillai, S. Muthu Perumal
Médium: Journal Article
Jazyk:angličtina
Vydáno: Nagercoil iManager Publications 01.10.2010
Témata:
Intrusion
IP (Internet Protocol)
Networks
Preprocessing
Signatures
TCP (protocol)
TCP/IP (protocol)
Worms
ISSN:0973-5151, 2230-7168
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:As the transmission of data on the Internet increases, the need to protect connected systems also increases. Most existing network-based signatures are specific to exploit and can be easily evaded. In this paper, the authors proposed generating vulnerability-driven signatures at network level without any host-level analysis of worm execution or vulnerable programs. This implementation considers both temporal and spatial information of network connections. This is helpful for identification of complex anomalous behaviors. For detecting the unknown intrusions the proper knowledge base is to be formed after preprocessing the packets captured from the network. As the first step, they design a network-based length-based signature generator (LESG) for the worms exploiting buffer overflow vulnerabilities. This work is focused on the TCP/IP network protocols.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ObjectType-Article-2
ObjectType-Feature-1
content type line 23
ISSN:0973-5151
2230-7168
DOI:10.26634/jse.5.2.1333