| Publisher | University of Wisconsin | ||
|---|---|---|---|
| Format | 191.3KB PDF | Date added | 20 Sep 2004 |
| Topics | Network Security, Security Tools, Intrusion Detection Systems | ||
| Downloads | 19 | ||
A common way to elude a signature-based NIDS is to transform an attack instance that the NIDS recognizes into another instance that it misses. For example, to avoid matching the attack payload to a NIDS signature, attackers split the payload into several TCP packets or hide it between benign messages. It is observed that different attack instances can be derived from each other using simple transformations. The paper models these transformations as inference rules in a natural-deduction system. Starting from an exemplary attack instance, an inference engine to automatically generate all possible instances derived by a set of rules is used. The result is a simple yet powerful tool capable of both generating attack instances for NIDS testing and determining whether a given sequence of packets is an attack.
Did you find this white paper useful?
12 out of 26 users found this white paper useful
Related white papers
MessageLabs Intelligence : 2009 security Predictions
Having analyzed the global threat landscape for almost a decade, MessageLabs Team Skeptic™ is comprised of many world-renowned malware and spam experts who have a global view of threats across...
IDC Vendor Spotlight
Organised ubiquity is a must for organisations to sucessfully "project" their users in any given landspace, at any given time, with secuirty policy. This White Paper covers issues surrounding secure...
Web application security: automated scanning versus manual penetration testing.
Research has shown that a vast number of Web sites are vulnerable to Web application attacks and that a great percentage of these attacks occur over the HTTP/S protocols, ports...
Trend Micro Enterprise Security white paper
This white paper reviews the content security threat landscape and how it has evolved into a more dangerous and high risk environment. The paper discussed how conventional content security approaches...
Smart Protection E-Book
"Outthink the Threat: Why conventional protection is no match for new data-stealing malware & the Trend Micro Smart Protection Network is." Discover how cyber criminals are rendering traditional security solutions...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Smart Protection whitepaper-IDC Analyst
A highly respected senior IDC analyst comments on Trend Micro Smart Protection Network: "Whilst it is a grand vision, IDC believes Trend has done a remarkable job of addressing customer...
