Passive Network Monitoring Tool-eXtended (PNMT-X) : proof of concept : report on research progress to November 1, 2006 / Frederic Massicotte, research engineer. : Co24-3/8-2007-2E-PDF
"Network Intrusion Detection Systems (IDS) have the reputation of generating many false positives. Recent approaches, known as stateful IDS, utilize the state of communication sessions into account to address this issue. However, for IDS to be able to distinguish between a successful and failed attack attempt, it requires a correlation among the state of the multiple sessions, the reactions of the target system and other gathered of network context information. In this report, we present initial research that supports an IDS approach that attempts to confirm attack success or failure by collecting more network context and combining this information with the attack detected information provided by the IDS. The approach relies on capturing the related effects of an attack to be able to confirm the success or failure against a target system. This approach has been evaluated using existing attacks on real systems and the observed results are positive and further work is required to refine the algorithm"--Abstract, page i.
Lien permanent pour cette publication :
publications.gc.ca/pub?id=9.892651&sl=1
| Ministère/Organisme | Communications Research Centre (Canada), issuing body. |
|---|---|
| Titre | Passive Network Monitoring Tool-eXtended (PNMT-X) : proof of concept : report on research progress to November 1, 2006 / Frederic Massicotte, research engineer. |
| Titre de la série | CRC technical note ; CRC-TN-2007-0002 |
| Type de publication | Série - Voir l'enregistrement principal |
| Langue | [Anglais] |
| Format | Électronique |
| Document électronique | |
| Note(s) | "Ottawa, March 2007." Digitized edition from print [produced by Innovation, Science and Economic Development Canada]. Includes bibliographical references (page 22). Issued also in print format. Includes abstracts in English and French. |
| Information sur la publication | Ottawa : Communication Research Centre Canada = Centre des recherches sur les communications Canada, 2007. |
| Auteur / Contributeur | Massicotte, Frederic, author. |
| Description | 1 online resource (ii, 22 pages) : illustrations. |
| Numéro de catalogue |
|
| Descripteurs | Intrusion detection systems (Computer security) Systèmes de détection d'intrusion (Sécurité informatique) |
Demander des formats alternatifs
Pour demander une publication dans un format alternatif, remplissez le formulaire électronique des publications du gouvernement du Canada. Utilisez le champ du formulaire «question ou commentaire» pour spécifier la publication demandée.- Date de modification :