DocumentCode :
3213938
Title :
Controlling intrusion detection systems by generating false positives: squealing proof-of-concept
Author :
Yurcik, William
Author_Institution :
Nat. Center for Supercomput. Applications, Illinois Univ., Urbana-Champaign, IL, USA
fYear :
2002
fDate :
6-8 Nov. 2002
Firstpage :
134
Lastpage :
135
Abstract :
We introduce a new class of attack against a network signature-based intrusion detection system (IDS) which we have tested using SNORT and we call "squealing". This vulnerability has significant implications since it can be generalized to any IDS. While signature-based IDSs have implementation problems with high false positive rates that require tuning, we show a more serious general vulnerability in that packets can be crafted to match attack signatures such that alarms can be selectively triggered allowing a target IDS to be externally controlled by a malicious attacker.
Keywords :
Internet; packet switching; telecommunication security; transport protocols; IDS; SNORT; attack signatures; false positives; malicious attacker; network signature-based intrusion detection system; packets; squealing proof-of-concept; vulnerability; Buffer overflow; Control systems; Intrusion detection; Pattern matching; Payloads; Sun; System testing; TCPIP; Uncertainty; Writing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Local Computer Networks, 2002. Proceedings. LCN 2002. 27th Annual IEEE Conference on
ISSN :
0742-1303
Print_ISBN :
0-7695-1591-6
Type :
conf
DOI :
10.1109/LCN.2002.1181776
Filename :
1181776