DocumentCode :
2438655
Title :
Characterization and Solution to a Stateful IDS Evasion
Author :
Aib, Issam ; Tran, Tung ; Boutaba, Raouf
Author_Institution :
Univ. of Waterloo, Waterloo, ON, Canada
fYear :
2009
fDate :
22-26 June 2009
Firstpage :
597
Lastpage :
604
Abstract :
We identify a new type of stateful IDS evasion, named signature evasion. We formalize the signature evasion on those Stateful IDSs whose state can be modeled using Deterministic Finite State Automata (DFAs). We develop an efficient algorithm which operates on rule set DFAs and derives a minimal rectification of evasive paths. Finally, we evaluate our solution on Snort signatures, identify and rectify existing vulnerable flowbit rule sets.
Keywords :
deterministic automata; digital signatures; finite state machines; set theory; deterministic finite state automata; intrusion detection system; rule set; signature evasion; stateful IDS evasion; Automata; Distributed computing; Doped fiber amplifiers; File servers; Intrusion detection; Lead; Protection; Protocols; Reverse engineering; Signal processing; IDS evasion; Intrusion Detection; Regular automata; Signature matching;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Distributed Computing Systems, 2009. ICDCS '09. 29th IEEE International Conference on
Conference_Location :
Montreal, QC
ISSN :
1063-6927
Print_ISBN :
978-0-7695-3659-0
Electronic_ISBN :
1063-6927
Type :
conf
DOI :
10.1109/ICDCS.2009.65
Filename :
5158473
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2438655
بازگشت