TNC
2004

Realtime Intrusion-Forensics: A First Prototype Implementation (based on a stack-based NIDS)

The function of a Network Intrusion Detection System (NIDS) is to identify misuse and abnormal behaviour that constitutes an attack on a network segment or a network host. The proposed concept is a "pump-in-the-stack" approach: NIDS features are integrated into the network stack of the operating system. Using the native stack is important, since it is the only place in the operating system where every packet (passing through the stack) can be observed in real time. The idea is to make use of the knowledge the stack already has about state transitions, memory content, header information and packet payload. This is very similar to stack hardening, but while hardening mechanisms are limited to blocking malicious traffic (segments violating RFC 793), the proposed approach collects as much evidence as possible and performs some simple forensic analysis. Knowing that IPv4 is not suitable to collect information about the actual source of an attack, but there is no real difference to traditi...
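The distinction the abstract draws, a hardened stack that silently drops RFC 793 violations versus a hook that keeps evidence about them, can be made concrete in user space. The following is an added illustration written for this page, not code from the paper or its prototype: a hypothetical `StackHook` class parses raw IPv4/TCP frames, applies a few stateless header checks (flag combinations RFC 793 never produces) and one stateful check (a non-SYN segment for a connection the stack never saw), and records an `Evidence` record for every hit instead of discarding the packet. The packets, the rule names and the record layout are all constructed for the example; checksums are left zero because nothing here verifies them.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# TCP control bits as defined in RFC 793, section 3.1.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class Evidence:
    """What the hook keeps for a suspicious segment (hypothetical record layout)."""
    rule: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    ttl: int
    ip_id: int
    seq: int
    window: int
    payload: bytes


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode an IPv4 header and the TCP header behind it; checksums are not verified."""
    ver_ihl, _tos, total_len, ip_id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window, "ttl": ttl,
            "ip_id": ip_id, "payload": tcp[doff:]}


def rfc793_violation(flags: int) -> Optional[str]:
    """Stateless checks: control-bit combinations that no RFC 793 sender emits."""
    if flags == 0:
        return "null-flags"      # every real segment carries at least one control bit
    if flags & SYN and flags & FIN:
        return "syn+fin"         # opening and closing in the same segment
    if flags & SYN and flags & RST:
        return "syn+rst"
    return None


class StackHook:
    """Hypothetical in-stack hook: inspects every segment and records evidence instead of dropping."""

    def __init__(self) -> None:
        self.conns: set[tuple] = set()      # 4-tuples for which a SYN has been seen
        self.evidence: list[Evidence] = []

    def inspect(self, pkt: bytes) -> str:
        h = parse_ipv4_tcp(pkt)
        key = (h["src"], h["sport"], h["dst"], h["dport"])
        rev = (h["dst"], h["dport"], h["src"], h["sport"])
        rule = rfc793_violation(h["flags"])
        if rule is None:
            if h["flags"] & SYN:
                self.conns.add(key)
            elif key not in self.conns and rev not in self.conns:
                rule = "no-state"  # non-SYN segment for a connection the stack never saw
        if rule is None:
            return "pass"
        # A hardening-only stack would drop the segment here; the forensic hook keeps what it saw.
        self.evidence.append(Evidence(rule, h["src"], h["sport"], h["dst"], h["dport"],
                                      h["flags"], h["ttl"], h["ip_id"], h["seq"],
                                      h["window"], h["payload"][:64]))
        return rule


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int, *,
                 seq: int = 0, ack: int = 0, ttl: int = 64, ip_id: int = 1,
                 window: int = 65535, payload: bytes = b"") -> bytes:
    """Constructed IPv4/TCP frame for offline testing (20-byte headers, zero checksums)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp


def demo() -> list[str]:
    """Feed constructed traffic through the hook and return the verdict per packet."""
    hook = StackHook()
    pkts = [
        build_packet("10.0.0.5", "10.0.0.1", 40000, 80, SYN, seq=1000),
        build_packet("10.0.0.5", "10.0.0.1", 40000, 80, ACK | PSH, seq=1001,
                     payload=b"GET / HTTP/1.0\r\n"),
        build_packet("10.0.0.9", "10.0.0.1", 31337, 80, SYN | FIN),               # contradictory bits
        build_packet("10.0.0.9", "10.0.0.1", 31337, 22, 0, ttl=37, ip_id=0x4242),  # null scan probe
        build_packet("10.0.0.7", "10.0.0.1", 1, 22, ACK),                        # unsolicited ACK
    ]
    verdicts = [hook.inspect(p) for p in pkts]
    for ev in hook.evidence:
        print(f"{ev.rule:12s} {ev.src}:{ev.sport} -> {ev.dst}:{ev.dport} "
              f"flags=0x{ev.flags:02x} ttl={ev.ttl} id=0x{ev.ip_id:04x} seq={ev.seq}")
    return verdicts


if __name__ == "__main__":
    demo()
```

The header fields kept in `Evidence` (TTL, IP ID, window, initial sequence number, payload prefix) are exactly what a hardened stack throws away when it drops the segment, and they are the raw material for the "simple forensic analysis" the abstract mentions, such as grouping probes by the fingerprint of the sending stack. The hook never forwards or blocks anything itself; where the verdict is enforced, and whether a recording hook and a dropping one can coexist, is the design question the prototype addresses and this example leaves open.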
Udo Payer
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where TNC
Authors Udo Payer