Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?

机译：零日攻击的基于签名的入侵检测：（不）封闭章节？

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

A frequent claim that has not been validated is that signature based network intrusion detection systems (SNIDS) cannot detect zero-day attacks. This paper studies this property by testing 356 severe attacks on the SNIDS Snort, configured with an old official rule set. Of these attacks, 183 attacks are zero-days' to the rule set and 173 attacks are theoretically known to it. The results from the study show that Snort clearly is able to detect zero-days' (a mean of 17% detection). The detection rate is however on overall greater for theoretically known attacks (a mean of 54% detection). The paper then investigates how the zero-days' are detected, how prone the corresponding signatures are to false alarms, and how easily they can be evaded. Analyses of these aspects suggest that a conservative estimate on zero-day detection by Snort is 8.2%.

机译：尚未得到证实的一个常见说法是基于签名的网络入侵检测系统（SNIDS）无法检测到零时差攻击。本文通过测试对SNIDS Snort的356次严重攻击（使用旧的官方规则集进行配置）来研究此属性。在这些攻击中，有183次攻击是规则集的零天，而从理论上讲，有173次攻击是该规则集的零日。该研究的结果表明，Snort显然能够检测到零天（平均检测率为17％）。但是，对于理论上已知的攻击，检测率总体上更高（平均检测率为54％）。然后，论文研究了如何检测到零时差，相应的签名如何容易发生虚假警报以及如何容易地逃避。这些方面的分析表明，Snort对零日检测的保守估计为8.2％。

著录项

来源
《Annual Hawaii International Conference on System Sciences》|2014年|4895-4904|共10页
会议地点
作者
Holm H.;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Computer security; NIDS; code injection; exploits;

机译：计算机安全; NIDS;代码注入;漏洞;

相似文献

外文文献
中文文献
专利

1. Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS) to Zero-Day and Stealth Attacks [J] . Waqas Haider, Gideon Creech, Yi Xie, Future Internet . 2016,第3期

机译：基于Windows的数据集，用于评估基于主机的入侵检测系统（IDS）对零日攻击和隐形攻击的鲁棒性
2. Hue Signature Auto Update System for Visual Similarity-Based Phishing Detection with Tolerance to Zero-Day Attack [J] . Shuichiro HARUTA, Hiromu ASAHINA, Fumitaka YAMAZAKI, IEICE transactions on information and systems . 2019,第12期

机译：Hue签名自动更新系统，用于基于视觉相似度的网络钓鱼检测，可容忍零日攻击
3. Detection of zero-day attacks: An unsupervised port-based approach [J] . Blaise Agathe, Bouet Mathieu, Conan Vania, Computer networks . 2020,第Octa24期

机译：检测零天攻击：无监督的基于港口的方法
4. Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter? [C] . Holm H. Annual Hawaii International Conference on System Sciences . 2014

机译：基于零日攻击的签名入侵检测:(不是）关闭章节？
5. A novel Intrusion Detection System (IDS) architecture: Attack detection based on Snort for multistage attack scenarios in a multi-cores environment [D] . Pagna Disso de Muila, Jules Ferdinand 2010

机译：一种新颖的入侵检测系统（IDS）架构：基于Snort的攻击检测可在多核环境中进行多阶段攻击
6. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection [O] . Jayakumar Kaliappan, Revathi Thiagarajan, Karpagam Sundararajan 2015

机译：融合用于网络攻击检测的异构入侵检测系统
7. Signature Based Intrusion Detection for Zero-Day Attacks : (Not) A Closed Chapter? [O] . Holm, Hannes 2014

机译：零日攻击的基于签名的入侵检测：（不）封闭章节？

Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?

摘要

著录项

相似文献

相关主题

期刊订阅