DSpace e-Archivo

Please use this identifier to cite or link to this item: http://hdl.handle.net/10016/9987

Files in This Item:
functional_HICSS_2011_ps.pdf (495,34 kB, Adobe PDF)
Title: A functional framework to evade network IDS
Author(s): Pastrana, Sergio
Orfila, Agustín
Ribagorda, Arturo
Publisher: IEEE
Issued date: Jan-2011
Citation: 44th Hawaii International Conference on System Science. IEEE, 2011, pp. 1-10
URI: http://hdl.handle.net/10016/9987
ISBN: 978-1-4244-9618-1
ISSN: 1530-1605
DOI: http://dx.doi.org/10.1109/HICSS.2011.12
Description: Proceeding of: 44th Hawaii International Conference on System Science, Kauai, HI, January 4-7, 2011
Abstract: Signature-based Network Intrusion Detection Systems (NIDS) apply a set of rules to identify hostile traffic in network segments. Currently they are so effective at detecting known attacks that hackers seek new techniques to go unnoticed. Some of these techniques consist of exploiting network protocol ambiguities. Nowadays NIDS are prepared against most of these evasive techniques, as they are recognized and sorted out. The emergence of new evasive forms may cause NIDS to fail. In this paper we present an innovative functional framework to evade NIDS. First, NIDS are modeled accurately by means of Genetic Programming (GP). Then, we show that looking for evasions on models is simpler than directly trying to understand the behavior of NIDS. We present a proof of concept showing how to evade a self-built NIDS regarding two publicly available datasets. Our framework can be used to audit NIDS.
Sponsor: This work was partially supported by CDTI, Ministerio de Industria, Turismo y Comercio of Spain in collaboration with Telefonica I+D, Project SEGUR@ CENIT-2007 2004.
Publisher version: http://dx.doi.org/10.1109/HICSS.2011.12
Keywords: Network Intrusion Detection Systems
IDS
Evasion
Rights: © IEEE
Appears in Collections: DI - SETI - Capítulos de Monografías
DI - SETI - Artículos en Congresos Internacionales


Items in E-Archivo are protected by copyright, with all rights reserved, unless otherwise indicated.

 
