A tool for offline and live testing of evasion resilience in network intrusion detection systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5137 LNCS, Issue , 2008, Pages 267-278

  Juan, Leo ^a   Kreibich, Christian ^b   Lin, Chih Hung ^a   Paxson, Vern ^b  

^a INSTITUTE FOR INFORMATION INDUSTRY   (Taiwan)

^b INTERNATIONAL COMPUTER SCIENCE INSTITUTE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; INTERNET; SECURITY OF DATA; SENSORS; SIGNAL DETECTION; SURFACE CHEMISTRY; TELECOMMUNICATION NETWORKS; TESTING;

CONFIGURABLE; INTERNATIONAL CONFERENCES; MALWARE; NETWORK INTERFACES; NETWORK INTRUSION DETECTION SYSTEMS; OPEN SOURCES; PACKET TRACES; PHYSICAL NETWORKS; PROTOTYPE SYSTEMS; TEST HARNESS; VULNERABILITY ASSESSMENTS;

INTRUSION DETECTION;

EID: 49949107014     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-70542-0_14     Document Type: Conference Paper

References (16)

1. Group, N.: Network IPS Testing Procedure (V4.0) (2006), http://www.nss.co.uk/certification/ips/nss-nips-v40-testproc.pdf
2. Shankar, U., Paxson, V.: Active mapping: resisting NIDS evasion without altering traffic. In: Proc. Symposium on Security and Privacy, pp. 44-61 (2003)
3. Dreger, H., Kreibich, C., Paxson, V., Sommer, R.: Enhancing the accuracy of network-based intrusion detection with host-based context. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol. 3548. Springer, Heidelberg (2005)
4. Taleck, G.: Ambiguity Resolution via Passive OS Fingerprinting. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 192-206. Springer, Heidelberg (2003)
5. Handley, M., Paxson, V., Kreibich, C.: Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. In: Proc. USENIX Security Symposium (2001)
6. Watson, D., Smart, M., Malan, G.R., Jahanian, F.: Protocol Scrubbing: Network Security through Transparent Flow Modification. IEEE/ACM Transactions on Networking 12(2), 261-273 (2004)
7. Pang, R., Paxson, V.: A High-Level Programming Environment for Packet. Trace Anonymization and Transformation. In: Proceedings of the ACM SIGCOMM Conference (August 2003)
8. Paxson, V.: Bro: A system for detecting network intruders in real-time. Computer Networks 31(23-24), 2435-2463 (1999)
9. Kreibich, C.: Design and Implementation of Netdude, a Framework for Packet Trace Manipulation. In: Proc. USENIX Technical Conference, FREENIX track (2004)
10. Biondi, P.: Scapy, a powerful interactive packet manipulation program, http://www.secdev.org/projects/scapy/
11. Provos, N.: A Virtual Honeypot Framework. In: Proceedings of the 13th USENIX Security Symposium, pp. 1-14 (2004)
12. SourceFire: Snort, the Open Source Network Intrusion Detection System, http://www.snort.org/
13. Ptacek, T., Newsham, T.: Insertion, evasion, and denial of service: Eluding network intrusion detection. Secure Networks, Inc. (January 1998)
14. Vigna, G., Robertson, W., Balzarotti, D.: Testing network-based intrusion detection signatures using mutant, exploits. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 21-30 (2004)
15. Rubin, S., Jha, S., Miller, B.: Automatic Generation and Analysis of NIDS Attacks. In: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), vol. 00, pp. 28-38 (2004)
16. Marty, R.: Thor - A Tool to Test Intrusion Detection Systems by Variations of Attacks. Master's thesis, Swiss Federal Institute of Technology, Zurich, Switzerland (2002)