| Publisher | University of Wisconsin | ||
|---|---|---|---|
| Format | 191.3KB PDF | Date added | 20 Sep 2004 |
| Topics | Network Security, Security Tools, Intrusion Detection Systems | ||
| Downloads | 16 | ||
A common way to elude a signature-based NIDS is to transform an attack instance that the NIDS recognizes into another instance that it misses. For example, to avoid matching the attack payload to a NIDS signature, attackers split the payload into several TCP packets or hide it between benign messages. It is observed that different attack instances can be derived from each other using simple transformations. The paper models these transformations as inference rules in a natural-deduction system. Starting from an exemplary attack instance, an inference engine to automatically generate all possible instances derived by a set of rules is used. The result is a simple yet powerful tool capable of both generating attack instances for NIDS testing and determining whether a given sequence of packets is an attack.
Did you find this white paper useful?
Related white papers
MessageLabs Intelligence : 2009 security Predictions
Having analyzed the global threat landscape for almost a decade, MessageLabs Team Skeptic™ is comprised of many world-renowned malware and spam experts who have a global view of threats across...
Tangled Web : Undercover Threats, Invisible Enemies
MessageLabs offers integrated web and email security services proven to stay a step ahead of the bad guys. Its Web Security service, for example, includes anti-spyware and anti-virus protection, as...
Security & trust: the backbone of doing business over the internet
In e-commerce consumers are concerned about indentity theft. TNS research reported in 2006 70% of online shoppers have abandoned a purchase beacuase of security concerns. This white paper explores the...
IDC Vendor Spotlight
Organised ubiquity is a must for organisations to sucessfully "project" their users in any given landspace, at any given time, with secuirty policy. This White Paper covers issues surrounding secure...
Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities
Managers work to better manage the risks associated with their business infrastructure. Web application security plays a significant role in achieveing this goal. This white paper deals with issues surrounding...
Web application security: automated scanning versus manual penetration testing.
research has shown that a vast number of web sites are vunerable to application attacks, most occur over HTTP/S protocals. There are twom methods to detect web vunerablity . This...
Trend Micro Enterprise Security white paper
This white paper reviews the content security threat landscape and how it has evolved into a more dangerous and high risk environment. The paper discussed how conventional content security approaches...
