DocumentCode
691071
Title
A Generation Framework of Multiple Evasions on IDS
Author
Dong Lipeng ; Chen Xingyuan ; Tang Huilin ; Shi Wang
Author_Institution
Henan Province Key Lab. of Inf. Security, Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
fYear
2013
fDate
21-23 Sept. 2013
Firstpage
549
Lastpage
552
Abstract
Intrusion detection technology aims at identifying hidden illegal intrusions by the analysis of network traffic. If an attacker wants to send malicious code to a protected host in the internal network, he first has to evade the detection of the intrusion detection system (IDS). IDS evasion techniques cause the IDS to produce omissions or misstatements, and can greatly increase the probability of successful attacks. But after years of contest between evasion and anti-evasion, individual evasions and randomly combined evasions are difficult to implement and also inefficient. This paper is committed to providing a systematic and scientific generation method for multiple evasions. Using this framework, we are able to design a complete system for IDS anti-evasion testing, and provide recommendations for setting IDS policies.
Keywords
computer network security; telecommunication traffic; transport protocols; IDS antievasion testing; IDS evasion techniques; IDS policies; hidden illegal intrusion identification; internal network; intrusion detection technology; malicious code; multiple evasions generation framework; network traffic analysis; protected host; randomly-combined evasions; success attack probability; systematic scientific generation method; Encoding; IP networks; Intrusion detection; Payloads; Protocols; Testing; IDS; generation framework; multiple evasions;
fLanguage
English
Publisher
ieee
Conference_Titel
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2013 Third International Conference on
Conference_Location
Shenyang
Type
conf
DOI
10.1109/IMCCC.2013.124
Filename
6840514