  • DocumentCode
    3213938
  • Title
    Controlling intrusion detection systems by generating false positives: squealing proof-of-concept
  • Author
    Yurcik, William
  • Author_Institution
    Nat. Center for Supercomput. Applications, Illinois Univ., Urbana-Champaign, IL, USA
  • fYear
    2002
  • fDate
    6-8 Nov. 2002
  • Firstpage
    134
  • Lastpage
    135
  • Abstract
    We introduce a new class of attack against a network signature-based intrusion detection system (IDS), which we have tested using SNORT and which we call "squealing". This vulnerability has significant implications since it can be generalized to any IDS. While signature-based IDSs have implementation problems with high false positive rates that require tuning, we show a more serious general vulnerability in that packets can be crafted to match attack signatures such that alarms can be selectively triggered, allowing a target IDS to be externally controlled by a malicious attacker.
  • Keywords
    Internet; packet switching; telecommunication security; transport protocols; IDS; SNORT; attack signatures; false positives; malicious attacker; network signature-based intrusion detection system; packets; squealing proof-of-concept; vulnerability; Buffer overflow; Control systems; Intrusion detection; Pattern matching; Payloads; Sun; System testing; TCPIP; Uncertainty; Writing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Local Computer Networks, 2002. Proceedings. LCN 2002. 27th Annual IEEE Conference on
  • ISSN
    0742-1303
  • Print_ISBN
    0-7695-1591-6
  • Type
    conf
  • DOI
    10.1109/LCN.2002.1181776
  • Filename
    1181776