Syntax vs. semantics: competing approaches to dynamic network intrusion detection

نویسندگان

  • Walter J. Scheirer
  • Mooi Choo Chuah
چکیده

Malicious network traffic, including widespread worm activity, is a growing threat to Internet-connected networks and hosts. In this paper, we consider two competing approaches to dynamic network intrusion detection: syntax based and semantics based approaches. For the syntax driven approach, we propose two sliding window based schemes to generate potential worm signatures automatically. Since syntax based approaches cannot cope well with sophisticated polymorphic and metamorphic worms, the semantics-based approach is a better alternative. Our contribution in this work is threefold: (a) our syntax-based scheme that uses variable-length partition with multiple breakmarks can detect many polymorphic worms, (b) we believe our semantic-based prototype is the first NIDS that provides semantics-aware capability and our system is more efficient than what is reported by Christodorescu et al (2005), (c) our designed templates can capture polymorphic shellcodes with added sequences of stack and mathematic operations.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Reverse Engineering of Network Software Binary Codes for Identification of Syntax and Semantics of Protocol Messages

Reverse engineering of network applications especially from the security point of view is of high importance and interest. Many network applications use proprietary protocols which specifications are not publicly available. Reverse engineering of such applications could provide us with vital information to understand their embedded unknown protocols. This could facilitate many tasks including d...

متن کامل

BeeID: intrusion detection in AODV-based MANETs using artificial Bee colony and negative selection algorithms

Mobile ad hoc networks (MANETs) are multi-hop wireless networks of mobile nodes constructed dynamically without the use of any fixed network infrastructure. Due to inherent characteristics of these networks, malicious nodes can easily disrupt the routing process. A traditional approach to detect such malicious network activities is to build a profile of the normal network traffic, and then iden...

متن کامل

A Survey of Anomaly Detection Approaches in Internet of Things

Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this ...

متن کامل

Anomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors

Abstract- With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing of the large amount of network traffic features. Removing un...

متن کامل

A hybridization of evolutionary fuzzy systems and ant Colony optimization for intrusion detection

A hybrid approach for intrusion detection in computer networks is presented in this paper. The proposed approach combines an evolutionary-based fuzzy system with an Ant Colony Optimization procedure to generate high-quality fuzzy-classification rules. We applied our hybrid learning approach to network security and validated it using the DARPA KDD-Cup99 benchmark data set. The results indicate t...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:
  • IJSN

دوره 3  شماره 

صفحات  -

تاریخ انتشار 2008