TCP/IP illustrated (vol. 2): the implementation
TCP/IP illustrated (vol. 2): the implementation
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A technique for counting natted hosts
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
Conversation Exchange Dynamics for Real-Time Network Monitoring and Anomaly Detection
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Signaling Vulnerabilities in Wiretapping Systems
IEEE Security and Privacy
WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
On the (un)reliability of eavesdropping
International Journal of Security and Networks
Design and analysis of a multipacket signature detection system
International Journal of Security and Networks
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Fast Signature Matching Using Extended Finite Automaton (XFA)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
TCP Reassembler for Layer7-Aware Network Intrusion Detection/Prevention Systems
IEICE - Transactions on Information and Systems
Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Multi-byte Regular Expression Matching with Speculation
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Analyzing network-aware active wardens in IPv6
IH'06 Proceedings of the 8th international conference on Information hiding
Listen too closely and you may be confused
Proceedings of the 13th international conference on Security protocols
NetShield: massive semantics-based vulnerability signature matching for high-speed networks
Proceedings of the ACM SIGCOMM 2010 conference
Improving NFA-based signature matching using ordered binary decision diagrams
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Characterizing Intelligence Gathering and Control on an Edge Network
ACM Transactions on Internet Technology (TOIT)
An untold story of middleboxes in cellular networks
Proceedings of the ACM SIGCOMM 2011 conference
Fast, memory-efficient regular expression matching with NFA-OBDDs
Computer Networks: The International Journal of Computer and Telecommunications Networking
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Revisiting network scanning detection using sequential hypothesis testing
Security and Communication Networks
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Scap: stream-oriented network traffic capture and analysis for high-speed networks
Proceedings of the 2013 conference on Internet measurement conference
| Hi-index | 0.00 |
A critical problem faced by a Network Intrusion DetectionSystem (NIDS) is that of ambiguity.TheNIDScannot always determine what traffic reaches a givenhost nor how that host will interpret the traffic, and attackersmay exploit this ambiguity to avoid detection orcause misleading alarms. We present a lightweight solution,Active Mapping, which eliminates TCP/IP-basedambiguity in a NIDS' analysis with minimal runtimecost. Active Mapping efficiently builds profiles of thenetwork topology and the TCP/IP policies of hosts onthe network; a NIDS may then use the host profiles todisambiguate the interpretation of the network traffic ona per-host basis. Active Mapping avoids the semanticand performance problems of traffic normalization,inwhich traffic streams are modified to remove ambiguities.We have developed a prototype implementation ofActive Mapping and modified a NIDS to use the ActiveMapping-generated profile database in our tests. Wefound wide variation across operating systems' TCP/IPstack policies in real-world tests (about 6,700 hosts), underscoringthe need for this sort of disambiguation.