|
000
| 02718nam 2200373zi 4500 |
|---|
| 001 | 9.892651 |
|---|
| 003 | CaOODSP |
|---|
| 005 | 20221107173230 |
|---|
| 006 | m o d f |
|---|
| 007 | cr mn||||||||| |
|---|
| 008 | 201021s2007 onca ob f000 0 eng d |
|---|
| 040 | |aCaOODSP|beng|erda|cCaOODSP |
|---|
| 041 | 0 |aeng|beng|bfre |
|---|
| 086 | 1 |aCo24-3/8-2007-2E-PDF |
|---|
| 100 | 1 |aMassicotte, Frederic, |eauthor. |
|---|
| 245 | 10|aPassive Network Monitoring Tool-eXtended (PNMT-X) : |bproof of concept : report on research progress to November 1, 2006 / |cFrederic Massicotte, research engineer. |
|---|
| 264 | 1|aOttawa : |bCommunication Research Centre Canada = Centre des recherches sur les communications Canada, |c2007. |
|---|
| 300 | |a1 online resource (ii, 22 pages) : |billustrations. |
|---|
| 336 | |atext|btxt|2rdacontent |
|---|
| 337 | |acomputer|bc|2rdamedia |
|---|
| 338 | |aonline resource|bcr|2rdacarrier |
|---|
| 490 | 1 |aCRC technical note ; |vCRC-TN-2007-0002 |
|---|
| 500 | |a"Ottawa, March 2007." |
|---|
| 500 | |aDigitized edition from print [produced by Innovation, Science and Economic Development Canada]. |
|---|
| 504 | |aIncludes bibliographical references (page 22). |
|---|
| 520 | 3 |a"Network Intrusion Detection Systems (IDS) have the reputation of generating many false positives. Recent approaches, known as stateful IDS, utilize the state of communication sessions into account to address this issue. However, for IDS to be able to distinguish between a successful and failed attack attempt, it requires a correlation among the state of the multiple sessions, the reactions of the target system and other gathered of network context information. In this report, we present initial research that supports an IDS approach that attempts to confirm attack success or failure by collecting more network context and combining this information with the attack detected information provided by the IDS. The approach relies on capturing the related effects of an attack to be able to confirm the success or failure against a target system. This approach has been evaluated using existing attacks on real systems and the observed results are positive and further work is required to refine the algorithm"--Abstract, page i. |
|---|
| 530 | |aIssued also in print format. |
|---|
| 546 | |aIncludes abstracts in English and French. |
|---|
| 650 | 0|aIntrusion detection systems (Computer security) |
|---|
| 650 | 6|aSystèmes de détection d'intrusion (Sécurité informatique) |
|---|
| 710 | 2 |aCommunications Research Centre (Canada), |eissuing body. |
|---|
| 830 | #0|aCRC technical note ;|vno. 2007-0002.|w(CaOODSP)9.882494 |
|---|
| 856 | 40|qPDF|s942 KB|uhttps://publications.gc.ca/collections/collection_2020/isde-ised/Co24/Co24-3-8-2007-2-eng.pdf |
|---|