KIDS: keyed intrusion detection system
作者: Sasa Mrdovic , Branislava Drazenovic , None
DOI: 10.1007/978-3-642-14215-4_10
关键词:
摘要: Since most current network attacks happen at the application layer, analysis of packet payload is necessary for their detection. Unfortunately malicious packets may be crafted to mimic normal payload, and so avoid detection if anomaly method known. This paper proposes keyed NIDS. Model key dependent. Key different each implementation kept secret. Therefore model secret although public. prevents mimicry attacks. Payload partitioned into words. Words are defined by delimiters. Set delimiters plays a role key. Proposed design implemented tested. Testing with HTTP traffic confirmed same capabilities keys.
springer.com
sci-hub.st 参考文章(29)
Kymie M. C. Tan, Kevin S. Killourhy, Roy A. Maxion, Undermining an anomaly-based intrusion detection system using common exploits recent advances in intrusion detection. pp. 54- 73 ,(2002) , 10.1007/3-540-36084-0_4
Philip K. Chan, Rachna Vargiya, Boundary detection in tokenizing network application payload for anomaly detection ,(2003)
Richard A. Kemmerer, Christopher Krügel, Giovanni Vigna, William K. Robertson, Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks. network and distributed system security symposium. ,(2006)
Oleg Kolesnikov, Wenke Lee, Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic Georgia Institute of Technology. ,(2005)
P. Akritidis, E. P. Markatos, M. Polychronakis, K. Anagnostakis, STRIDE: Polymorphic Sled Detection Through Instruction Sequence Analysis information security conference. pp. 375- 391 ,(2005) , 10.1007/0-387-25660-1_25
Ke Wang, Gabriela Cretu, Salvatore J. Stolfo, Anomalous Payload-Based Worm Detection and Signature Generation Lecture Notes in Computer Science. pp. 227- 246 ,(2006) , 10.1007/11663812_12
Michael Rash, Jake Babbin, Becky Pinkard, Graham Clark, Angela D. Orebaugh, Intrusion Prevention and Active Response: Deploying Network and Host IPS ,(2005)
Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, Giovanni Vigna, Polymorphic Worm Detection Using Structural Information of Executables Lecture Notes in Computer Science. pp. 207- 226 ,(2006) , 10.1007/11663812_11
Michalis Polychronakis, Kostas G. Anagnostakis, Evangelos P. Markatos, Emulation-based detection of non-self-contained polymorphic shellcode recent advances in intrusion detection. pp. 87- 106 ,(2007) , 10.1007/978-3-540-74320-0_5
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo, Anagram: A Content Anomaly Detector Resistant to Mimicry Attack Lecture Notes in Computer Science. pp. 226- 248 ,(2006) , 10.1007/11856214_12