The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Unsupervised learning techniques for an intrusion detection system
Proceedings of the 2004 ACM symposium on Applied computing
Intrusion Prevention and Active Response: Deploying Network and Host IPS
Intrusion Prevention and Active Response: Deploying Network and Host IPS
Evading network anomaly detection systems: formal reasoning and practical techniques
Proceedings of the 13th ACM conference on Computer and communications security
Learning DFA representations of HTTP for protecting web applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
SigFree: a signature-free buffer overflow attack blocker
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Challenging the anomaly detection paradigm: a provocative discussion
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
On the infeasibility of modeling polymorphic shellcode
Proceedings of the 14th ACM conference on Computer and communications security
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Undermining an anomaly-based intrusion detection system using common exploits
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Comparing anomaly detection techniques for HTTP
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
Since most current network attacks happen at the application layer, analysis of packet payload is necessary for their detection. Unfortunately malicious packets may be crafted to mimic normal payload, and so avoid detection if the anomaly detection method is known. This paper proposes keyed packet payload anomaly detection NIDS. Model of normal payload is key dependent. Key is different for each implementation of the method and is kept secret. Therefore model of normal payload is secret although detection method is public. This prevents mimicry attacks. Payload is partitioned into words. Words are defined by delimiters. Set of delimiters plays a role of a key. Proposed design is implemented and tested. Testing with HTTP traffic confirmed the same detection capabilities for different keys.