SafeCard: A gigabit IPS on the network card

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4219 LNCS, Issue , 2006, Pages 311-330

  De Bruijn, Willem ^a   Slowinska, Asia ^a   Van Reeuwijk, Kees ^a   Hruby, Tomas ^a   Xu, Li ^b   Bos, Herbert ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

^b UNIVERSITY OF AMSTERDAM   (Netherlands)

Author keywords

[No Author keywords available]

Indexed keywords

ABSTRACTING; NETWORK PROTOCOLS; PACKET SWITCHING; SIGNAL FILTERING AND PREDICTION; TELECOMMUNICATION LINKS; TELECOMMUNICATION NETWORKS;

DEEP-PACKET INSPECTION; INTRUSION PREVENTION SYSTEMS; POLYMORPHIC BUFFER OVERFLOWS;

SECURITY OF DATA;

EID: 33750307577     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11856214_16     Document Type: Conference Paper

References (36)

1. Ptacek, T.H., Newsham, T.N.: Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks Inc. (1998)
2. Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: USENIX-Sec'2001, Washington, D.C., USA (2001)
3. Stuart Staniford, V.P., Weaver, N.: How to Own the internet in your spare time. In: Proc. of the 11th USENIX Security Symposium. (2002)
4. James Newsome, B.K., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proc. of the IEEE Symposium on Security and Privacy. (2005)
5. . S. Singh, C. Estan, G. Varghese and S. Savage: Automated worm fingerprinting. In: In Proc. of the 6th USENIX Symposium on Operating Systems Design and Implementation (OSDI). (2004) 45-60
6. loannidis, S., Keromytis, A.D., Bellovin, S.M., Smith, J.M.: Implementing a distributed firewall. In: CCS '00: Proceedings of the 7th ACM conference on Computer and communications security, ACM Press (2000) 190-199
7. Bos, H., Huang, K.: Towards software-based signature detection for intrusion prevention on the network card. In: Proc of the 8th International Symposium on Recent Advances in Intrusion Detection (RAID). (2005)
8. Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zeroday attacks. In: Proc. ACM SIGOPS EUROSYS'2006, Leuven, Belgium (2006)
9. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proc. of LISA '99: 13th Systems Administration Conference. (1999)
10. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle and Q. Zhang: StackGuard: Automatic adaptive detection and prevention of bufferoverflow attacks. In: Proc. of the 7th USENIX Security Symposium. (1998)
11. S. Bhatkar, D.C. Du Varney and R. Sekar: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: In Proc. of the 12th USENIX Security Symposium. (2003) 105-120
12. E. G. Barrantes, D.H. Ackley, S. Forrest, T. S. Palmer, D. Stefanovix and D.D. Zovi: Randomized instruction set emulation to disrupt code injection attacks. In: In Proc. of the 10th ACM Conference on Computer and Communications Security (CCS). (2003) 281-289
13. M. Costa, J. Crowcroft, M. Castro, A Rowstron, L. Zhou, L. Zhang and P. Barham: Vigilante: End-to-end containment of internet worms. In: In Proc. of the 20th ACM Symposium on Operating Systems Principles (SOSP), Brighton, UK (2005)
14. Clark, C., Lee, W., Schimmel, D., Contis, D., Koné, M., Thomas, A.: A hardware platform for network intrusion detection and prevention. In: Third Workshop on Network Processors and Applications, Madrid, Spain (2004)
15. Williamson, M.M.: Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code. In: Proc. of ACSAC Security Conference, Las Vegas, Nevada (2002)
16. Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.: Using generalization and characterization techniques in the anomaly-based detection of web attacks. In: NDSS'05. (2005)
17. C. Cowan, S. Beattie, J. Johansen and P. Wagle: PointGuard: Protecting pointers from buffer overflow vulnerabilities. In: In Proc. of the 12th USENIX Security Symposium. (2003) 91-104
18. C. Cowan, M. Barringer, S. Beattie and G. Kroah-Hartman: FormatGuard: Automatic protection from printf format string vulnerabilities. In: In Proc. of the 10th Usenix Security Symposium. (2001)
19. Provos, N.: Improving host security with system call policies. In: In Proc. of the 12th USENIX Security Symposium. (2003)
20. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner: Detecting format string vulnerabilities with type qualifiers. In: In Proc. of the 10th USENIX Security Symposium. (2001) 201-216
21. G. C. Necula, S. McPeak, and W. Weimer: CCured: Type-safe retrofitting of legacy code. In: In Proc. of the Principles of Programming Languages (PoPL). (2002)
22. bulba and Kil3r: Bypassing Stackguard and Stackshield. Phrack Magazine 10 (2000)
23. gera, riq: Advances in format string exploitation. Phrack Magazine 11 (2002)
24. Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: A basis for building self-protecting servers. In: Proc. ACM CCS, Alexandria, VA, USA (2005) 213-223
25. Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Proc. of RAID'05, Seattle, USA (2005)
26. Kerschbaum, F., Spafford, E.H., Zamboni, D.: Using embedded sensors for detecting network attack. Technical report, Purdue University (2000)
27. Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks 31(23-24) (1999) 2435-2463
28. Bos, H., de Bruijn, W., Cristea, M., Nguyen, T., Portokalidis, G.: FFPF: Fairly Fast Packet Filters. In: Proceedings of OSDI'04, San Francisco, CA (2004)
29. Cristea, M., de Bruijn, W., Bos, H.: Fpl-3: towards language support for distributed packet processing. In: Proceedings of IFIP Networking, published as LNCS Volume 3462 / 2005, ISBN: 3-540-25809-4, Waterloo, Ontario, Canada (2005) p.743-755
30. Malan, R., Watson, D., Jahanian, F., Howell, P.: Transport and application protocol scrubbing. In: Infocom'2000, Tel-Aviv, Israel (2000)
31. Laurikari, V.: NFAs with tagged transitions, their conversion to deterministic automata and application to regular expressions. In: SPIRE. (2000) 181-187
32. Aho, A.V., Ullman, J.D.: Foundations of Computer Science. Computer Science Press (1992)
33. Gill, A.: Introduction to the Theory of Finite-state Machines. McGraw-Hill (1962)
34. Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS). (2005)
35. SecurityFocus: Can-2003-0245 apache apr-psprintf memory corruption vulnerability. http://www.securityfocus.com/bid/7723/discussion/ (2003,)
36. Nguyen, T., Cristea, M., de Bruijn, W., Box, H.: Scalable network monitors for high-speed links: a bottom-up approach. In: Proceedings of IPOM'04. (2004)