Elephant: Network Intrusion Detection Systems that Don't Forget

Authors: M.G. Merideth, P. Narasimhan

DOI: 10.1109/HICSS.2005.230

Keywords:

Abstract: Modern Network Intrusion Detection Systems (NIDSs) maintain state that helps them accurately detect attacks. Because most NIDSs are signature-based, it is critical to update their rule-sets frequently; unfortunately, doing so can result in downtime or cause that state to be lost, leading to vulnerabilities of attack misclassification. In this paper, we show that such vulnerabilities do exist and provide a way to avoid them. Using the open-source NIDS Snort, we present Elephant, an approach and implementation for updating Snort that provides a way to cause Snort to enter a safe quiescent point, load new rules into memory, and remove old rules from memory, all while preserving the state required to make sure that Snort does not miss attacks. We critique a performance evaluation of our technique.
