HANDLING NETWORK INTRUSION: NORMALIZATIONS TRAFFIC TRADE-OFF, ATTACKS, AND SECURITY

Publication Date : 01/08/2010


Author(s) :

GARBA, S., MAS’UD, A.A., ABDU-AGUYE, U-F, JIBRIL, Y.


Volume/Issue :

Volume 5, Issue 2 (08 - 2010)



Abstract :

The ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the monitor is a problem for network intrusion detection systems. The viability of addressing this problem by introducing a network forwarding element called a traffic normalizer is discussed. The normalizer sits directly in the path of traffic into a site and patches up the packet stream to eliminate potential ambiguities before the traffic is seen by the monitor, removing evasion opportunities. A number of tradeoffs in designing a normalizer are examined. The key practical issues of “cold start” and attacks on the normalizer are addressed, and a methodology is developed for systematically examining the ambiguities present in a protocol based on walking the protocol’s header. An implementation of a normalizer is presented that can normalize a TCP traffic stream in memory-to-memory copies, suggesting that a kernel implementation using PC hardware could keep pace with a bidirectional link with sufficient headroom to weather a high-speed flooding attack of packets.

