SIPS: A Stateful and Flow-Based Intrusion Prevention System for Email Applications
Abstract
As internet applications grow rapidly, email has become increasingly important for communication, and SMTP attacks and spam have become one of the most serious problems. These attacks and spam take many forms, for example spoofed addresses, illegal characters, bulk sending, and too many SMTP commands. A single security technique is not enough to protect a system from them. In this paper, we propose an SMTP Intrusion Prevention System (SIPS) based on the concepts of Stateful Protocol Anomaly Detection and Flow-based Inspection. SIPS is implemented as a finite state machine that inspects all incoming email flows according to the media type of each flow and its characteristics. In tests in a real email environment, our approach prevented on average about 95.4% of SMTP attacks (mail bombs) and about 91.1% of spam.
Similar resources
mOS: A Reusable Networking Stack for Flow Monitoring Middleboxes
Stateful middleboxes, such as intrusion detection systems and application-level firewalls, have provided key functionalities in operating modern IP networks. However, designing an efficient middlebox is challenging due to the lack of networking stack abstraction for TCP flow processing. Thus, middlebox developers often write the complex flow management logic from scratch, which is not only pron...
Architecture for a hardware based, TCP/IP content scanning system [intrusion detection system applications]
Hardware assisted intrusion detection systems and content scanning engines are needed to process data at multigigabit line rates. These systems, when placed within the core of the Internet, are subject to millions of simultaneous flows, with each flow potentially containing data of interest. Existing IDS systems are not capable of processing millions of flows at gigabit-per-second data rates. T...
GASPP: A GPU-Accelerated Stateful Packet Processing Framework
Graphics processing units (GPUs) are a powerful platform for building high-speed network traffic processing applications using low-cost hardware. Existing systems tap the massively parallel architecture of GPUs to speed up certain computationally intensive tasks, such as cryptographic operations and pattern matching. However, they still suffer from significant overheads due to critical-path oper...
MHIDCA: Multi Level Hybrid Intrusion Detection and Continuous Authentication for MANET Security
Mobile ad-hoc networks have attracted a great deal of attention over the past few years. Considering their applications, security is of great significance in them. The use of a security scheme that includes prevention and detection is worth considering. In this paper, a method is presented that includes a multi-level security scheme to identify intrusion by sensors and authe...
Traffic Analysis: From Stateful Firewall to Network Intrusion Detection System
Computer networks are already an indispensable part of modern life. To keep our networks running smoothly, we need to know their condition. This calls for analyzing the traffic (packets) on the network. In this paper, we investigate the traffic analysis techniques needed in stateful firewalls and network intrusion detection systems (NIDS). Stateful firewall analyzes packets up to their laye...
Publication date: 2007