ABSTRACT

One of the biggest challenges in the network intrusion detection field is the limitation imposed by the use of well-known attack signatures, which prevents new attacks from being detected in advance. This work presents a packet analysis methodology for detecting anomalous behaviors that is based not on attack signatures but on verifying whether the network protocols are being violated, and on the content of the respective headers. The biggest benefit of this methodology is the possibility of detecting anomalies or inadequate behaviors that can correspond, totally or partially, to variations on well-known and unknown attacks.
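
An added example, not code from the paper: a minimal signature-free check in the spirit of the methodology above, testing an IPv4/TCP packet against rules taken from the protocol specifications and basic header sanity rather than against known attack patterns. The rule selection, the function names (`anomalies`, `build`, `ip_checksum`) and the constructed sample packets are assumptions for illustration, not the authors' rule set.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones' complement sum; 0 when run over a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def anomalies(pkt: bytes) -> list[str]:
    """Return the header rules an IPv4/TCP packet breaks (empty list = nothing found)."""
    if len(pkt) < 20:
        return ["ip: shorter than minimum header"]
    found = []
    ver_ihl, _, total_len = struct.unpack("!BBH", pkt[:4])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4:
        found.append("ip: version is not 4")
    if ihl < 20 or ihl > len(pkt):
        return found + ["ip: invalid header length"]
    if total_len < ihl or total_len > len(pkt):
        found.append("ip: total length inconsistent with packet")
    if ip_checksum(pkt[:ihl]) != 0:
        found.append("ip: bad header checksum")
    if pkt[12:16] == pkt[16:20]:
        found.append("ip: source equals destination")
    if pkt[9] != 6:                      # only TCP (protocol 6) is inspected further
        return found
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return found + ["tcp: shorter than minimum header"]
    sport, dport = struct.unpack("!HH", tcp[:4])
    offset, flags = (tcp[12] >> 4) * 4, tcp[13] & 0x3F
    if offset < 20 or offset > len(tcp):
        found.append("tcp: invalid data offset")
    if sport == 0 or dport == 0:
        found.append("tcp: port 0 in use")
    if flags == 0:
        found.append("tcp: no flags set")
    if flags & 0x02 and flags & 0x05:    # SYN together with FIN (0x01) or RST (0x04)
        found.append("tcp: SYN combined with FIN or RST")
    return found

def build(src, dst, sport, dport, flags):
    """Constructed sample packet: 20-byte IPv4 header plus 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, bytes(src), bytes(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 8192, 0, 0)
```

None of the rules names a specific attack; each one only states what a conformant header must look like, so a new tool that emits malformed headers is flagged without a prior signature.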


KEYWORDS

Attack signatures, intrusion detection, protocol violation, unknown attacks.

THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS

Volume 1, Number 1, pp 49-56, DOI: 10.5769/J200601007 or http://dx.doi.org/10.5769/J200601007


Attacks Detection Based on IP and TCP Protocols Violation

By Norma Gomes and Luiz Mattos


