Specification-based Intrusion Detection System for Carrier Ethernet

Layered network architectures (OSI, TCP/IP) separate functionality into layers, allowing them to be designed and implemented independently. However, from a security point of view, once a lower layer is compromised, the reliability of the higher layers can be impaired. This paper is about the security of the Data Link Layer, which can affect the reliability of higher layers, like TCP, HTTP and other World-Wide Web protocols. The paper analyzes the security of a layer 2 protocol, the Spanning Tree Protocol (STP), part of the Ethernet suite, and presents a solution to detect attacks against this protocol using Specification-based Intrusion Detection.