M-DPANIDS-05
Michael Mai. Dynamic Protocol Analysis for Network Intrusion Detection Systems. Diplomarbeit Technische Universität München, Munich, Germany, September 2005.
Copyright notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Abstract
Many Network Intrusion Detection Systems (NIDSs) perform application-layer protocol analysis. These systems typically infer the protocol from the ports in the TCP or UDP headers. This is not a reliable technique, since many protocols do not use fixed ports. Better methods exist for identifying the application-layer protocol in use, e.g. signatures. In this thesis we present the design and implementation of an architecture for NIDSs that supports the integration of these advanced methods for dynamic protocol analysis. The design is suitable for analyzing tunneled connections as well. Our implementation for the open-source system Bro uses its existing signature-matching engine as an additional protocol detection method. On the basis of this prototype we present results in terms of detection rate, performance requirements, and the interaction of the two.
BibTeX Reference
@MastersThesis{M-DPANIDS-05,
Author = {Mai, Michael},
Title = {Dynamic Protocol Analysis for Network Intrusion Detection Systems},
School = {Technische Universität München, Munich, Germany},
Type = {Diplomarbeit},
Month = {September},
Year = {2005}
}
