A Proposal of Protocol and Policy-Based Intrusion Detection System
Currently, intrusion detection systems (IDSs) are widely deployed in enterprise networks to detect network attacks. Most existing commercial IDSs are based on a misuse detection model. Misuse detection can detect known attacks, but it cannot detect unknown ones, because attack signatures cannot be generated for attacks that are not yet known. In this paper, we propose a method for detecting network attacks, including unknown ones, against servers such as web servers, mail servers, FTP servers, and DNS servers, using protocol specifications and site access policy. Furthermore, we propose a method to predict damage from detected attacks using neural networks.