论文信息 - Low-Level Network Attack Recognition : A Signature-Based Approach ∗

Low-Level Network Attack Recognition : A Signature-Based Approach ∗

This research presents a new method for detecting network attacks based on network traffic signatures. It is part of a survivability architecture, which focuses on attack recognition, fault-tolerance and recovery after malicious acts. The attack recognition portion emphasizes low-level analysis of network traffic, high efficiency, real-time operation, and accurate identification of attacks. Attack recognition is based on the analysis of TCP protocol flags with respect to specific attacks and is characterized by its simplicity.

N. Hanebutte | M. McQueen | A. W. Krings | W. S. Harrison | C. Taylor

[1] Stephen Northcutt,et al. Intrusion Signatures and Analysis , 2001 .

[2] P. H. Jackson,et al. Statistical analysis in psychology and education , 1960 .

[3] Naji Habra,et al. ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis , 1992, ESORICS.

[4] Stephen Northcutt,et al. Network Intrusion Detection: An Analyst's Hand-book , 1999 .

[5] Thomas Spyrou,et al. Intention modelling: approximating computer user intentions for detection and prediction of intrusions , 1996, SEC.

[6] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[7] Quinn McNemar,et al. Statistical Analysis in Psychology and Education. , 1967 .

[8] Marcus J. Ranum,et al. Implementing a generalized tool for network monitoring , 1997, Inf. Secur. Tech. Rep..

[9] Marc Dacier,et al. Towards a taxonomy of intrusion-detection systems , 1999, Comput. Networks.

[10] William L. Fithen,et al. State of the Practice of Intrusion Detection Technologies , 2000 .