Passive Network Monitoring Tool-eXtended (PNMT-X) : proof of concept : report on research progress to November 1, 2006 / Frederic Massicotte, research engineer. : Co24-3/8-2007-2E-PDF

"Network Intrusion Detection Systems (IDS) have the reputation of generating many false positives. Recent approaches, known as stateful IDS, utilize the state of communication sessions into account to address this issue. However, for IDS to be able to distinguish between a successful and failed attack attempt, it requires a correlation among the state of the multiple sessions, the reactions of the target system and other gathered of network context information. In this report, we present initial research that supports an IDS approach that attempts to confirm attack success or failure by collecting more network context and combining this information with the attack detected information provided by the IDS. The approach relies on capturing the related effects of an attack to be able to confirm the success or failure against a target system. This approach has been evaluated using existing attacks on real systems and the observed results are positive and further work is required to refine the algorithm"--Abstract, page i.

Lien permanent pour cette publication :
publications.gc.ca/pub?id=9.892651&sl=1

• Format MARC XML
• Format MARC HTML

Demander des formats alternatifs