Evaluation of the capabilities of Wireshark as network intrusion system
Network security professionals learning network intrusion should be able to see attack signatures and learn the different techniques to detect them. Wireshark is an open-source, cross-platform protocol analyzer with a user-friendly interface. Wireshark has a protocol dissector that supports over 2000 protocols. In the paper we assume that network intrusion detection systems should have three components: a user interface, a packet sniffer and a detection engine. The detection engine can detect either anomaly-based or signature-based attacks, but it must be automated: it should detect intrusions without human intervention. The paper shows that Wireshark can be considered a packet sniffer, protocol analyzer and troubleshooting tool, but not a network intrusion detection system, as it lacks the fundamental component, which is an automated detection engine.