CODE EMULATION IN NETWORK INTRUSION DETECTION PREVENTION SYSTEMS

摘要

The aim of this article was to scratch the surface of the real problem that IDS/IPS vendors try to battle. Personally, I think they are losing this battle for now. It seems that some attack detection should be done strictly at host level. HIDS should also introduce additional safeguards at the system level to stop particular attack classes. Such architecture should be strengthened with network-based IPSs. It will be interesting to see for how long we will have to deal with buffer overflow vulnerabilities. The introduction of different stack protection techniques in conjunction with safe versions of C/C++ functions should make buffer overflow attacks extinct within the next five to eight years. Then the presented emulator will have many more problems to battle.