N-Gram against the Machine: On the Feasibility of the N-Gram Network Analysis for Binary Protocols

Authors: Dina Hadžiosmanović, Lorenzo Simionato, Damiano Bolzoni, Emmanuele Zambon, Sandro Etalle

DOI: 10.1007/978-3-642-33338-5_18

Keywords:

Abstract: In recent years we have witnessed several complex and high-impact attacks specifically targeting "binary" protocols (RPC, Samba and, more recently, RDP). These attacks could not be detected by current, signature-based detection solutions, while, at least in theory, state-of-the-art anomaly-based systems could have detected them. This raises once again the still unanswered question of how effective anomaly-based systems are in practice. To contribute to answering this question, in this paper we investigate the effectiveness of a widely studied category of network intrusion detection systems: anomaly-based algorithms using n-gram analysis for payload inspection. Specifically, we present a thorough analysis and evaluation of several detection algorithms using variants of n-gram analysis on real-life environments. Our tests show that the analyzed systems, in the presence of data with high variability, cannot deliver high detection and low false positive rates at the same time.
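The detector family the abstract evaluates, as an added example that is not the paper's code: an Anagram-style n-gram detector (remember every byte n-gram seen in benign training traffic, score a payload by the fraction of its n-grams never seen before) trained and tested on constructed traffic of a toy binary protocol, once with low-variability traffic and once with high-variability traffic whose message bodies are opaque random blobs. For each regime it reports the false-positive rate at the lowest threshold that still flags every attack message. The protocol framing, the message generators, the shellcode-like stub bytes, the training and test sizes and the seed are all constructed assumptions, not data from the paper.

```python
import random
import struct
from typing import Dict, Iterable, List, Sequence, Set, Tuple


def ngrams(payload: bytes, n: int) -> Iterable[bytes]:
    """Yield the overlapping byte n-grams of a payload."""
    for i in range(len(payload) - n + 1):
        yield payload[i:i + n]


class NGramDetector:
    """Anagram-style content anomaly detector. A Python set stands in for the
    Bloom filter Anagram uses; the scoring rule is the same: the fraction of a
    payload's n-grams that never occurred in benign training traffic."""

    def __init__(self, n: int = 3) -> None:
        self.n = n
        self.seen: Set[bytes] = set()

    def train(self, payloads: Iterable[bytes]) -> None:
        for p in payloads:
            self.seen.update(ngrams(p, self.n))

    def score(self, payload: bytes) -> float:
        grams = list(ngrams(payload, self.n))
        if not grams:
            return 0.0
        unseen = sum(1 for g in grams if g not in self.seen)
        return unseen / len(grams)


def make_message(op: int, body: bytes) -> bytes:
    """Constructed toy binary protocol: 2-byte opcode, 2-byte body length, body."""
    return struct.pack(">HH", op, len(body)) + body


def rand_bytes(rng: random.Random, k: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(k))


def low_variability(rng: random.Random, count: int) -> List[bytes]:
    """Fixed-format traffic: three opcodes, four 4-byte fields drawn from a tiny value alphabet."""
    values = [b"\x00\x00\x00\x00", b"\x00\x00\x00\x01", b"\x00\x00\x00\x02", b"\xff\xff\xff\xff"]
    return [make_message(rng.choice([1, 2, 3]), b"".join(rng.choice(values) for _ in range(4)))
            for _ in range(count)]


def high_variability(rng: random.Random, count: int) -> List[bytes]:
    """Same framing, but 32-byte opaque bodies (think compressed or encrypted content)."""
    return [make_message(0x10, rand_bytes(rng, 32)) for _ in range(count)]


# Constructed attack body: a NOP sled followed by the first bytes of a stub (not a working exploit).
SHELLCODE_STUB = b"\x90" * 16 + b"\x31\xc0\x50\x68\x2f\x2f\x73\x68"


def attack_messages(op: int, prefixes: Sequence[bytes]) -> List[bytes]:
    """Attack messages: a legitimate-looking 8-byte prefix followed by the sled and stub."""
    return [make_message(op, p + SHELLCODE_STUB) for p in prefixes]


def fpr_at_full_detection(det: NGramDetector, benign: Sequence[bytes],
                          attacks: Sequence[bytes]) -> Tuple[float, float]:
    """Lowest threshold that still flags every attack (score >= threshold is 'anomalous'),
    and the benign false-positive rate that threshold produces."""
    threshold = min(det.score(a) for a in attacks)
    fpr = sum(det.score(b) >= threshold for b in benign) / len(benign)
    return threshold, fpr


def experiment(seed: int = 7) -> Dict[str, Tuple[float, float]]:
    rng = random.Random(seed)
    results: Dict[str, Tuple[float, float]] = {}

    # Regime 1: low-variability traffic; the attack reuses two valid field values as prefix.
    det = NGramDetector(3)
    det.train(low_variability(rng, 500))
    benign = low_variability(rng, 200)
    atk = attack_messages(1, [b"\x00\x00\x00\x01\x00\x00\x00\x02"] * 20)
    results["low"] = fpr_at_full_detection(det, benign, atk)

    # Regime 2: high-variability traffic; the attack hides behind an opaque-looking prefix.
    det = NGramDetector(3)
    det.train(high_variability(rng, 500))
    benign = high_variability(rng, 200)
    atk = attack_messages(0x10, [rand_bytes(rng, 8) for _ in range(20)])
    results["high"] = fpr_at_full_detection(det, benign, atk)
    return results


if __name__ == "__main__":
    for regime, (thr, fpr) in experiment().items():
        print(f"{regime}-variability: threshold for 100% detection = {thr:.2f}, FPR = {fpr:.2f}")
```

In the low-variability regime the training set covers every 3-gram the protocol can produce, benign test messages score 0.0 and the attack scores around 0.8, so a threshold that catches every attack raises no false positives. In the high-variability regime almost every 3-gram of a benign 32-byte opaque body is also new to the detector (the 3-gram space has 2^24 entries and training populates a few thousand), so benign and attack scores both sit near 1.0 and the threshold that flags every attack flags most benign traffic too: the trade-off the abstract describes.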

References (26)
V. Vapnik. Pattern Recognition Using Generalized Portrait Method. Automation and Remote Control, vol. 24, pp. 774-780, 1963.
John F. Farrell, S. Jeff Turner, Peter A. Loscocco, Ruth C. Taylor, Stephen D. Smalley, Patrick A. Muckelbauer. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. 2000.
Vinod Yegneswaran, Guofei Gu, Wenke Lee, Martin Fong, Phillip Porras. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. USENIX Security Symposium, pp. 12-, 2007.
Angelos D. Keromytis, Salvatore J. Stolfo, Yingbo Song. Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic. Network and Distributed System Security Symposium, pp. 121-135, 2009. DOI: 10.7916/D86W9K09.
Ang Cui, Salvatore J. Stolfo. Defending Embedded Systems with Software Symbiotes. Lecture Notes in Computer Science, pp. 358-377, 2011. DOI: 10.1007/978-3-642-23644-0_19.
Matthew V. Mahoney, Philip K. Chan. An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. Recent Advances in Intrusion Detection, pp. 220-237, 2003. DOI: 10.1007/978-3-540-45248-5_13.
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo. Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. Lecture Notes in Computer Science, pp. 226-248, 2006. DOI: 10.1007/11856214_12.
Kenneth L. Ingham, Hajime Inoue. Comparing Anomaly Detection Techniques for HTTP. Recent Advances in Intrusion Detection, pp. 42-62, 2007. DOI: 10.1007/978-3-540-74320-0_3.
Christof Störmann, Jan Kästner, Patrick Düssel, Christian Gehl, Pavel Laskov, Jens-Uwe Bußer. Cyber-Critical Infrastructure Protection Using Real-Time Payload-Based Anomaly Detection. Critical Information Infrastructures Security, vol. 6027, pp. 85-97, 2010. DOI: 10.1007/978-3-642-14379-3_8.
Robin Sommer, Vern Paxson. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. IEEE Symposium on Security and Privacy, pp. 305-316, 2010. DOI: 10.1109/SP.2010.25.