
SP
2008
IEEE

Efficient and Robust TCP Stream Normalization

Network intrusion detection and prevention systems are vulnerable to evasion by attackers who craft ambiguous traffic to breach the defense of such systems. A normalizer is an inline network element that thwarts evasion attempts by removing ambiguities in network traffic. A particularly challenging step in normalization is the sound detection of inconsistent TCP retransmissions, wherein an attacker sends TCP segments with different payloads for the same sequence number space to present a network monitor with ambiguous analysis. Normalizers that buffer all unacknowledged data to verify the consistency of subsequent retransmissions consume inordinate amounts of memory on high-speed links. On the other hand, normalizers that buffer only the hashes of unacknowledged segments cannot verify the consistency of 20
Mythili Vutukuru, Hari Balakrishnan, Vern Paxson
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Where SP