Passive Network Monitoring Tool-eXtended (PNMT-X) : proof of concept : report on research progress to November 1, 2006 / Frederic Massicotte, research engineer. : Co24-3/8-2007-2E-PDF

"Network Intrusion Detection Systems (IDS) have the reputation of generating many false positives. Recent approaches, known as stateful IDS, utilize the state of communication sessions into account to address this issue. However, for IDS to be able to distinguish between a successful and failed attack attempt, it requires a correlation among the state of the multiple sessions, the reactions of the target system and other gathered of network context information. In this report, we present initial research that supports an IDS approach that attempts to confirm attack success or failure by collecting more network context and combining this information with the attack detected information provided by the IDS. The approach relies on capturing the related effects of an attack to be able to confirm the success or failure against a target system. This approach has been evaluated using existing attacks on real systems and the observed results are positive and further work is required to refine the algorithm"--Abstract, page i.

Permanent link to this publication:
publications.gc.ca/pub?id=9.892651&sl=1

Publication information
Department/Agency: Communications Research Centre (Canada), issuing body.
Title: Passive Network Monitoring Tool-eXtended (PNMT-X) : proof of concept : report on research progress to November 1, 2006 / Frederic Massicotte, research engineer.
Series title: CRC technical note ; CRC-TN-2007-0002
Publication type: Series - View the main record
Language: [English]
Format: Electronic
Electronic document
Note(s): "Ottawa, March 2007."
Digitized edition from print [produced by Innovation, Science and Economic Development Canada].
Includes bibliographical references (page 22).
Issued also in print format.
Includes abstracts in English and French.
Publishing information: Ottawa : Communication Research Centre Canada = Centre des recherches sur les communications Canada, 2007.
Author / Contributor: Massicotte, Frederic, author.
Description: 1 online resource (ii, 22 pages) : illustrations.
Catalogue number:
  • Co24-3/8-2007-2E-PDF
Subject terms: Intrusion detection systems (Computer security)
Systèmes de détection d'intrusion (Sécurité informatique)