Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2004
ACM
2004
ACM
Testing network-based intrusion detection signatures using mutant exploits
Misuse-based intrusion detection systems rely on models of attacks to identify the manifestation of intrusive behavior. Therefore, the ability of these systems to reliably detect attacks is strongly affected by the quality of their models, which are often called “signatures.” A perfect model would be able to detect all the instances of an attack without making mistakes, that is, it would produce a 100% detection rate with 0 false alarms. Unfortunately, writing good models (or good signatures) is hard. Attacks that exploit a specific vulnerability may do so in completely different ways, and writing models that take into account all possible variations is very difficult. For this reason, it would be beneficial to have testing tools that are able to evaluate the “goodness” of detection signatures. This work describes a technique to test and evaluate misuse detection models in the case of network-based intrusion detection systems. The testing technique is based on a mechanism ...
Real-time TrafficCCS 2004 | Intrusion Detection System | Misuse-based Intrusion Detection | Network-based Intrusion Detection | Security Privacy |
| Added | 01 Jul 2010 |
| Updated | 01 Jul 2010 |
| Type | Conference |
| Year | 2004 |
| Where | CCS |
| Authors | Giovanni Vigna, William K. Robertson, Davide Balzarotti |
Comments (0)
Researcher Info
|
