Sciweavers

CCS
2004
ACM

Testing network-based intrusion detection signatures using mutant exploits

14 years 6 months ago
Testing network-based intrusion detection signatures using mutant exploits
Misuse-based intrusion detection systems rely on models of attacks to identify the manifestation of intrusive behavior. Therefore, the ability of these systems to reliably detect attacks is strongly affected by the quality of their models, which are often called “signatures.” A perfect model would be able to detect all the instances of an attack without making mistakes, that is, it would produce a 100% detection rate with 0 false alarms. Unfortunately, writing good models (or good signatures) is hard. Attacks that exploit a specific vulnerability may do so in completely different ways, and writing models that take into account all possible variations is very difficult. For this reason, it would be beneficial to have testing tools that are able to evaluate the “goodness” of detection signatures. This work describes a technique to test and evaluate misuse detection models in the case of network-based intrusion detection systems. The testing technique is based on a mechanism ...
Giovanni Vigna, William K. Robertson, Davide Balza
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CCS
Authors Giovanni Vigna, William K. Robertson, Davide Balzarotti
Comments (0)