Undermining an anomaly-based intrusion detection system using common exploits

Authors: Kymie M. C. Tan, Kevin S. Killourhy, Roy A. Maxion

DOI: 10.1007/3-540-36084-0_4

Keywords: Intrusion; Offensive; System call; Anomaly-based intrusion detection system; Adversary; Exploit; Anomaly (physics); Computer security; Computer science; Intrusion detection system

Abstract: Over the past decade many anomaly-detection techniques have been proposed and/or deployed to provide early warnings of cyberattacks, particularly those attacks involving masqueraders and novel methods. To date, however, there appears to be no study which has identified a systematic method that could be used by an attacker to undermine an anomaly-based intrusion detection system. This paper shows how an adversary can craft an offensive mechanism that renders an anomaly-based detector blind to the presence of on-going, common attacks. It presents a method that identifies the weaknesses of the detector, and shows how common attacks can be manipulated to exploit those weaknesses. The paper explores the implications of this threat, and suggests possible improvements for existing and future systems.
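The class of detector the abstract targets, and the style of manipulation it describes, as an added example that is not code from the paper or its authors: a stide-style detector (the sequence-of-system-calls model of Hofmeyr, Forrest and Somayaji cited below) is trained on a few constructed normal traces; a direct attack trace is flagged because it produces a window the profile has never seen; a breadth-first search then reshapes the same attack so that every window it produces is already in the profile, padding with calls the attacker can render harmless (a read of zero bytes, a stat of an arbitrary path). The normal traces, the window length N = 3 (stide is usually run with 6; see the "Why 6?" reference), the payload and the filler set are all constructed assumptions, and the search is an illustration of the kind of detector weakness the abstract describes, not the paper's own method.

```python
from collections import deque

# Window length for the sequence detector. stide is normally run with 6;
# 3 is used here so the constructed profile stays small enough to read.
N = 3

# Constructed normal traces (assumption: a small file-writing program).
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "close"],
    ["stat", "open", "read", "close"],
    ["open", "write", "write", "close"],
]


def windows(trace, n=N):
    """All length-n sliding windows of a system-call trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_profile(normal_traces, n=N):
    """stide training: the set of every length-n window seen in normal data."""
    profile = set()
    for trace in normal_traces:
        profile.update(windows(trace, n))
    return profile


def foreign_windows(trace, profile, n=N):
    """stide detection: windows of `trace` that never occurred in training."""
    return [w for w in windows(trace, n) if w not in profile]


def is_flagged(trace, profile, n=N):
    """A trace is anomalous if it contains at least one foreign window."""
    return len(foreign_windows(trace, profile, n)) > 0


def craft_mimicry(payload, profile, fillers, n=N, max_len=20):
    """Breadth-first search for a trace that issues `payload` in order, padded
    only with calls in `fillers` (calls the attacker can make side-effect free),
    such that every length-n window is already in `profile`.

    Returns the shortest such trace, or None if the payload cannot be hidden
    (for example because it needs a call the profile never contains)."""
    # Every prefix of every profile window, so partial traces can be checked
    # before they are n calls long; full windows are included at k == n.
    prefixes = {w[:k] for w in profile for k in range(1, n + 1)}
    vocab = sorted({call for w in profile for call in w})
    queue = deque([((), 0, ())])          # (last n-1 calls, payload index, trace)
    seen = {((), 0)}
    while queue:
        ctx, idx, trace = queue.popleft()
        if idx == len(payload) and len(trace) >= n:
            return list(trace)
        if len(trace) >= max_len:
            continue
        for call in vocab:
            cand = (ctx + (call,))[-n:]
            if cand not in prefixes:      # this window would be foreign
                continue
            new_ctx = cand[-(n - 1):]
            # Option 1: the call is the next step of the real attack.
            if idx < len(payload) and call == payload[idx]:
                key = (new_ctx, idx + 1)
                if key not in seen:
                    seen.add(key)
                    queue.append((new_ctx, idx + 1, trace + (call,)))
            # Option 2: the call is harmless padding.
            if call in fillers:
                key = (new_ctx, idx)
                if key not in seen:
                    seen.add(key)
                    queue.append((new_ctx, idx, trace + (call,)))
    return None


PROFILE = build_profile(NORMAL_TRACES)

# Constructed "common attack": write attacker-controlled data to a file.
ATTACK = ["open", "write", "close"]

# Calls the attacker can issue without effect (assumption): read of 0 bytes,
# stat of any path.
FILLERS = {"read", "stat"}

MIMICRY = craft_mimicry(ATTACK, PROFILE, FILLERS)

# A payload needing a call absent from all normal data cannot be hidden.
UNHIDABLE = craft_mimicry(["open", "execve"], PROFILE, FILLERS)

if __name__ == "__main__":
    print("direct attack flagged:", is_flagged(ATTACK, PROFILE),
          foreign_windows(ATTACK, PROFILE))
    print("mimicry trace:", MIMICRY, "flagged:", is_flagged(MIMICRY, PROFILE))
    print("execve payload hidable:", UNHIDABLE is not None)
```

The direct trace is caught on the single window (open, write, close); inserting one harmless read turns it into (open, read, write, close), whose two windows both occur in training, so the same attack now passes unnoticed. The last call shows the complementary limit: a payload that needs a system call never seen in normal data has no disguise under this model, which is why the choice of window length and the coverage of the training data decide how much room an attacker has.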

References (12)
Sandeep Kumar, Classification and detection of computer intrusions, Purdue University (1996)
Aaron Schwartzbard, Michael Schatz, Anup K. Ghosh, Learning program behavior profiles for intrusion detection, Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring (ID'99), vol. 1, p. 6 (1999)
Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji, Intrusion detection using sequences of system calls, Journal of Computer Security, vol. 6, pp. 151-180 (1998), 10.3233/JCS-980109
Hervé Debar, Marc Dacier, Andreas Wespi, Towards a taxonomy of intrusion-detection systems, Computer Networks, vol. 31, pp. 805-822 (1999), 10.1016/S1389-1286(98)00017-6
R. A. Maxion, K. M. C. Tan, Anomaly detection in embedded systems, IEEE Transactions on Computers, vol. 51, pp. 108-120 (2002), 10.1109/12.980003
Carla Marceau, Characterizing the behavior of a program using multiple-length N-grams, New Security Paradigms Workshop, pp. 101-110 (2001), 10.1145/366173.366197
D. Wagner, R. Dean, Intrusion detection via static analysis, IEEE Symposium on Security and Privacy, pp. 156-168 (2001), 10.1109/SECPRI.2001.924296
K. M. C. Tan, R. A. Maxion, "Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector, IEEE Symposium on Security and Privacy, pp. 188-201 (2002), 10.1109/SECPRI.2002.1004371
C. Warrender, S. Forrest, B. Pearlmutter, Detecting intrusions using system calls: alternative data models, IEEE Symposium on Security and Privacy, pp. 133-145 (1999), 10.1109/SECPRI.1999.766910