DocumentCode :
2051941
Title :
Network intrusion detection with semantics-aware capability
Author :
Scheirer, Walter ; Chuah, Mooi Choo
Author_Institution :
Dept. of Comput. Sci. & Eng., Lehigh Univ., Bethlehem, PA, USA
fYear :
2006
fDate :
25-29 April 2006
Abstract :
Malicious network traffic, including widespread worm activity, is a growing threat to Internet-connected networks and hosts. In this paper, we propose a network intrusion detection system (NIDS) with semantics-aware capability. Our NIDS segregates suspicious traffic from the regular traffic flow, extracts binary code from the suspicious traffic, and performs semantic analysis on it to identify potential threats. Our contributions in this work are threefold: (a) we believe our prototype is the first NIDS that provides semantics-aware capability, (b) our implementation is more efficient than what is reported in (M. Christodorescu et al., 2005), and (c) our designed templates can capture polymorphic shellcodes with added sequences of stack and mathematic operations.
Keywords :
Internet; binary codes; security of data; telecommunication traffic; Internet; binary code; malicious network traffic; network intrusion detection; semantics-aware capability; Binary codes; Computer science; Computer worms; IP networks; Intrusion detection; Performance analysis; Performance evaluation; Prototypes; Telecommunication traffic; Viruses (medical);
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International
Print_ISBN :
1-4244-0054-6
Type :
conf
DOI :
10.1109/IPDPS.2006.1639678
Filename :
1639678