N-gram against the machine : on the feasibility of the N-gram network analysis for binary protocols
- Source :
- Research in Attacks, Intrusions, and Defenses: Proceedings of the 15th International Symposium (RAID 2012), Amsterdam, The Netherlands, September 12-14, 2012, pp. 354-373. ISBN 9783642333378
- Publication Year :
- 2012
- Publisher :
- Springer, 2012.
-
Abstract
- In recent years we have witnessed several complex and high-impact attacks specifically targeting "binary" protocols (RPC, Samba and, more recently, RDP). These attacks could not be detected by current, signature-based detection solutions, while, at least in theory, they could be detected by state-of-the-art anomaly-based systems. This raises once again the still unanswered question of how effective anomaly-based systems are in practice. To contribute to answering this question, in this paper we investigate the effectiveness of a widely studied category of network intrusion detection systems: anomaly-based algorithms using n-gram analysis for payload inspection. Specifically, we present a thorough analysis and evaluation of several detection algorithms using variants of n-gram analysis in real-life environments. Our tests show that the analyzed systems, in the presence of data with high variability, cannot deliver high detection and low false positive rates at the same time.
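The detector family the abstract evaluates, shown as an added illustration that is not the paper's code: an Anagram-style byte n-gram detector that remembers every n-gram seen in benign training payloads and scores a new payload by the fraction of its n-grams never seen before. It is run against two constructed traffic sets, a low-variability text protocol (HTTP-like requests) and a high-variability binary protocol (a DCE/RPC-like layout with a random 16-byte object UUID and opaque stub data). The protocol layouts, the sample payloads, the NOP-sled "attacks" and the shellcode-like bytes are all constructed assumptions, as is the 90% detection target; the point the example makes is the abstract's own: on high-variability binary data, no threshold gives high detection and low false positives at once.

```python
"""Toy n-gram payload anomaly detector (Anagram-style) on constructed traffic.
Added illustration only; not the authors' code.  All payloads are constructed
inline; the protocol layouts and attack bytes are assumptions, not real captures.
"""
import random

# Constructed "shellcode-like" bytes placed after a NOP sled in attack payloads.
SHELLCODE_STUB = b"\x31\xc0\x50\x68"


def ngrams(payload, n):
    """All overlapping byte n-grams of a payload, as bytes objects."""
    return [payload[i:i + n] for i in range(len(payload) - n + 1)]


class NgramDetector:
    """Store the set of n-grams seen in benign training payloads."""

    def __init__(self, n=3):
        self.n = n
        self.seen = set()

    def train(self, payloads):
        for p in payloads:
            self.seen.update(ngrams(p, self.n))

    def score(self, payload):
        """Anomaly score: fraction of the payload's n-grams absent from training."""
        grams = ngrams(payload, self.n)
        if not grams:
            return 0.0
        return sum(g not in self.seen for g in grams) / len(grams)


def rates(detector, benign, attacks, threshold):
    """(detection rate, false positive rate) when score >= threshold raises an alert."""
    dr = sum(detector.score(a) >= threshold for a in attacks) / len(attacks)
    fpr = sum(detector.score(b) >= threshold for b in benign) / len(benign)
    return dr, fpr


def min_fpr_at_detection(detector, benign, attacks, target_dr=0.9):
    """Lowest false positive rate any threshold reaches while still detecting
    at least target_dr of the attacks (the trade-off the abstract describes)."""
    best = 1.0
    for t in sorted({detector.score(p) for p in benign + attacks}):
        dr, fpr = rates(detector, benign, attacks, t)
        if dr >= target_dr:
            best = min(best, fpr)
    return best


def text_protocol_traffic():
    """Constructed low-variability text protocol (HTTP-like requests)."""
    paths = [b"/", b"/index.html", b"/about.html", b"/img/logo.png",
             b"/api/status", b"/login"]
    hosts = [b"www.example.test", b"cdn.example.test", b"api.example.test"]

    def req(path, host):
        return (b"GET " + path + b" HTTP/1.1\r\nHost: " + host +
                b"\r\nUser-Agent: curl/7.0\r\n\r\n")

    combos = [(i, j, p, h) for i, p in enumerate(paths) for j, h in enumerate(hosts)]
    train = [req(p, h) for i, j, p, h in combos if (i + j) % 3]          # 12 requests
    benign = [req(p, h) for i, j, p, h in combos if not (i + j) % 3]     # 6 held out
    # Attack: request whose path is a NOP sled followed by shellcode-like bytes.
    attacks = [req(b"/" + b"\x90" * sled + SHELLCODE_STUB, hosts[0])
               for sled in (24, 48, 96)]
    return train, benign, attacks


def binary_protocol_traffic(seed=7):
    """Constructed high-variability binary protocol: fixed 8-byte header,
    random 16-byte object UUID, 2-byte opnum, opaque random stub data."""
    rng = random.Random(seed)

    def rand(k):
        return bytes(rng.randrange(256) for _ in range(k))

    header = b"\x05\x00\x00\x03\x10\x00\x00\x00"   # constructed version/type bytes

    def pdu(stub):
        opnum = rng.choice([b"\x00\x00", b"\x01\x00", b"\x02\x00"])
        return header + rand(16) + opnum + stub

    train = [pdu(rand(rng.randint(32, 96))) for _ in range(200)]
    benign = [pdu(rand(rng.randint(32, 96))) for _ in range(100)]
    # Attack stub: NOP sled, shellcode-like bytes, random padding.
    attacks = [pdu(b"\x90" * 32 + SHELLCODE_STUB + rand(rng.randint(0, 40)))
               for _ in range(20)]
    return train, benign, attacks


def run_demo():
    """Best reachable FPR at >= 90% detection, per traffic type."""
    results = {}
    for name, (train, benign, attacks) in (("text", text_protocol_traffic()),
                                           ("binary", binary_protocol_traffic())):
        det = NgramDetector(n=3)
        det.train(train)
        results[name] = min_fpr_at_detection(det, benign, attacks)
    return results


if __name__ == "__main__":
    for name, fpr in run_demo().items():
        print(f"{name:6s} traffic: min FPR at >=90% detection = {fpr:.2f}")
```

On the text protocol the held-out benign requests reuse n-grams already seen, so a low threshold separates the sled-bearing requests from benign traffic with no false positives. On the binary protocol almost every n-gram of a benign PDU (random UUID, opaque stub) is also unseen, so benign and attack scores overlap and any threshold that catches the attacks also flags most benign PDUs; the remedy in practice is protocol-aware parsing that strips the high-entropy fields before the n-gram model sees them, or a different feature set for those fields.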
- Subjects :
- EWI-22269
METIS-296090
IR-81815
SCS-Cybersecurity
DIES-Network Security
Computer science
02 engineering and technology
020204 information systems
0202 electrical engineering, electronic engineering, information engineering
020201 artificial intelligence & image processing
Intrusion detection system
Anomaly detection
n-gram
Network analysis
Payload (computing)
Binary protocol
Industrial control system
Detection
False positive rate
Data mining
feasibility
Details
- Language :
- English
- ISBN :
- 978-3-642-33337-8
- Database :
- OpenAIRE
- Journal :
- Research in Attacks, Intrusions, and Defenses: Proceedings of the 15th International Symposium (RAID 2012), Amsterdam, The Netherlands, September 12-14, 2012, pp. 354-373
- Accession number :
- edsair.doi.dedup.....15c398d49f6a75c4103d00198fd52700