Using Partial Signatures in Intrusion Detection for Multipath TCP
-
- Afzal, Zeeshan, 1991- (author)
- Karlstads universitet, Department of Mathematics and Computer Science (from 2013), PriSec
-
- Garcia, Johan, 1970- (author)
- Karlstads universitet, Department of Mathematics and Computer Science (from 2013)
-
- Lindskog, Stefan, 1967- (author)
- Karlstads universitet, Department of Mathematics and Computer Science (from 2013)
-
- Brunström, Anna, 1967- (author)
- Karlstads universitet, Department of Mathematics and Computer Science (from 2013)
-
- 2019-11-13
- 2019
- English.
-
In: Secure IT Systems. Cham, Switzerland: Springer, pp. 71-86
- Related links:
- https://urn.kb.se/re...
- https://doi.org/10.1...
Abstract
- Traditional security mechanisms such as signature-based intrusion detection systems (IDSs) attempt to find a perfect match of a set of signatures in network traffic. Such IDSs depend on the availability of a complete application data stream. With emerging protocols such as Multipath TCP (MPTCP), this precondition cannot be ensured, resulting in false negatives and IDS evasion. On the other hand, if approximate signature matching is used instead in an IDS, a potentially high number of false positives makes the detection impractical. In this paper, we show that, by using a specially tailored partial signature matcher and knowledge about MPTCP semantics, the Snort3 IDS can be empowered with partial signature detection. Additionally, we uncover the type of Snort3 rules suitable for the task of partial matching. Experimental results with these rules show a low false positive rate for benign traffic and high detection coverage for attack traffic.
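The evasion the abstract describes, and the two ways of recovering detection, as an added illustration that is not code from the paper, from Snort3 or from the authors: one application stream is chunked over two MPTCP subflows, an exact matcher that sees each subflow as an independent TCP connection misses the pattern, while a partial matcher (here a longest-common-substring score against a coverage threshold) fires on the fragment, and reassembling by MPTCP data sequence number (DSN) restores the exact match. The signature, both HTTP payloads, the round-robin chunking, the 0.5 threshold and the scoring rule are all constructed assumptions chosen for the demonstration; the paper's matcher and its rule selection are not reproduced here.

```python
"""Added example (not from the paper or from Snort3): exact vs. partial
signature matching when MPTCP spreads one application stream over several
subflows. Signature, payloads, chunk size and scoring rule are constructed
assumptions for illustration only."""

from typing import Dict, List, Tuple

# Constructed stand-in for a Snort 'content' pattern; not from any real rule set.
SIGNATURE = b"cmd.exe /c net user"

# Constructed application streams: one carrying the pattern, one benign.
ATTACK = b"POST /upload HTTP/1.1\r\n\r\ncmd.exe /c net user eve P@ss /add\r\n"
BENIGN = b"GET /index.html HTTP/1.1\r\nUser-Agent: cmd-line-client\r\n\r\n"

Segment = Tuple[int, bytes]  # (MPTCP data sequence number offset, payload bytes)


def split_over_subflows(payload: bytes, chunk: int, n_subflows: int) -> Dict[int, List[Segment]]:
    """Assumed scheduler: fixed-size chunks sent round-robin over n subflows.
    Each segment keeps its data-level offset, as the MPTCP DSS mapping would."""
    subflows: Dict[int, List[Segment]] = {i: [] for i in range(n_subflows)}
    for k, off in enumerate(range(0, len(payload), chunk)):
        subflows[k % n_subflows].append((off, payload[off:off + chunk]))
    return subflows


def subflow_streams(subflows: Dict[int, List[Segment]]) -> List[bytes]:
    """What an MPTCP-unaware IDS sees: each subflow reassembled on its own as
    an independent TCP connection, in subflow order only."""
    return [b"".join(data for _, data in segs) for segs in subflows.values()]


def reassemble_by_dsn(subflows: Dict[int, List[Segment]]) -> bytes:
    """MPTCP-aware reassembly: order every segment by DSN across all subflows."""
    segs = sorted(seg for segs in subflows.values() for seg in segs)
    return b"".join(data for _, data in segs)


def exact_match(stream: bytes, sig: bytes = SIGNATURE) -> bool:
    """Traditional matcher: the whole signature must appear contiguously."""
    return sig in stream


def longest_common_substring(stream: bytes, sig: bytes) -> int:
    """Length of the longest run of signature bytes found contiguously in the
    stream (classic O(len(stream) * len(sig)) dynamic programme)."""
    best = 0
    prev = [0] * (len(sig) + 1)
    for x in stream:
        cur = [0] * (len(sig) + 1)
        for j, y in enumerate(sig, 1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best:
                    best = cur[j]
        prev = cur
    return best


def partial_score(stream: bytes, sig: bytes = SIGNATURE) -> float:
    """Fraction of the signature covered by the longest contiguous fragment."""
    return longest_common_substring(stream, sig) / len(sig)


def partial_match(stream: bytes, sig: bytes = SIGNATURE, threshold: float = 0.5) -> bool:
    """Assumed partial matcher: alert when at least `threshold` of the signature
    is seen in one piece. The threshold trades evasion resistance against
    false positives on benign streams that share short substrings."""
    return partial_score(stream, sig) >= threshold


def evaluate(payload: bytes, chunk: int = 12, n_subflows: int = 2) -> dict:
    """Run all three strategies over one payload split across subflows."""
    subflows = split_over_subflows(payload, chunk, n_subflows)
    per_subflow = subflow_streams(subflows)
    return {
        "exact_per_subflow": any(exact_match(s) for s in per_subflow),
        "partial_per_subflow": any(partial_match(s) for s in per_subflow),
        "best_partial_score": max(partial_score(s) for s in per_subflow),
        "exact_after_dsn_reassembly": exact_match(reassemble_by_dsn(subflows)),
    }


if __name__ == "__main__":
    for name, payload in (("attack", ATTACK), ("benign", BENIGN)):
        print(name, evaluate(payload))
```

With the constructed inputs, the attack stream is missed by exact per-subflow matching, caught by the partial matcher on the subflow that carries the first 11 of the 19 signature bytes, and caught exactly once the segments are reordered by DSN; the benign stream shares at most three consecutive bytes with the signature and stays well below the threshold. Lowering the threshold to catch smaller fragments is exactly where the false positive problem the abstract mentions comes from.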
Subject headings
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Sciences (hsv//eng)
Keyword
- Computer Science
Publication and Content Type
- ref (peer reviewed)
- kon (conference paper)