Vol.5 No.2
Year: 2010
Issue: October - December
Title: Network-Level Length-Based Intrusion Detection System
Author Name: Jeya S, S. Muthu Perumal Pillai
Synopsis:
As the transmission of data on the Internet increases, the need to protect connected systems also increases. Most existing network-based signatures are specific to exploit and can be easily evaded. In this paper, we propose generating vulnerability-driven signatures at network level without any host-level analysis of worm execution or vulnerable programs. This implementation considers both temporal and spatial information of network connections. This is helpful for identification of complex anomalous behaviors. For detecting the unknown intrusions the proper knowledge base is to be formed after preprocessing the packets captured from the network. As the first step, we design a network-based length-based signature generator (LESG) for the worms exploiting buffer overflow vulnerabilities. This work is focused on the TCP/IP network protocols.
No comments:
Post a Comment