One of the biggest challenges in the network intrusion detection field is the limitation imposed by reliance on well-known attack signatures, which prevents new attacks from being detected in advance. This work presents a packet analysis methodology for detecting anomalous behaviors that is based not on attack signatures, but on verifying whether the network protocols are being violated, and on the content of the respective headers. The biggest benefit of this methodology is the possibility of detecting anomalies or inadequate behaviors that can correspond, totally or partially, to variations on well-known and unknown attacks.
Keywords: Attack signatures, intrusion detection, protocol violation, unknown attacks.
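An added illustration of the kind of check the abstract describes, not code from the paper: it validates IPv4 and TCP header fields against their specifications instead of matching attack signatures. The individual checks, the function names and the sample packets are assumptions made here (rules taken from RFC 791 and RFC 793, packets constructed), since the abstract does not list the paper's own rules.

```python
import struct

def checksum(data: bytes) -> int:
    """One's-complement Internet checksum (RFC 1071) over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def violations(pkt: bytes) -> list[str]:
    """Header-consistency violations in one raw IPv4 packet (TCP checked if present)."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, _, _, proto, _, src, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    found, ihl = [], (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4:
        found.append("IP version is not 4")
    if ihl < 20 or ihl > len(pkt):
        return found + ["IHL outside valid range"]  # cannot locate the payload
    if total_len < ihl or total_len > len(pkt):
        found.append("IP total length inconsistent with packet")
    if checksum(pkt[:ihl]) != 0:
        found.append("bad IP header checksum")
    if src[0] >= 224:  # 224/4 multicast and 240/4 reserved are never valid sources
        found.append("multicast or reserved source address")
    tcp = pkt[ihl:]
    if proto != 6:
        return found
    if len(tcp) < 20:
        return found + ["truncated TCP header"]
    off_flags = struct.unpack("!H", tcp[12:14])[0]
    doff, flags = (off_flags >> 12) * 4, off_flags & 0x3F
    if doff < 20 or doff > len(tcp):
        found.append("TCP data offset outside valid range")
    syn, fin, rst, ack = (flags & bit for bit in (0x02, 0x01, 0x04, 0x10))
    if syn and (fin or rst):  # not produced by the RFC 793 state machine
        found.append("SYN combined with FIN or RST")
    if not (syn or rst or ack):  # only SYN and RST segments may omit ACK
        found.append("segment without SYN, RST or ACK")
    return found

def build(flags: int, ihl_words: int = 5, src: bytes = bytes([192, 0, 2, 1])) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 40, 1, 0, 64, 6, 0,
                     src, bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | flags, 1024, 0, 0)
```

A well-formed SYN from `build(0x02)` yields an empty list, while each malformed variant is reported by the rule it breaks, with no signature database involved.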
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 1, Number 1, pp 49-56, DOI: 10.5769/J200601007 or http://dx.doi.org/10.5769/J200601007
Attacks Detection Based on IP and TCP Protocols Violation
By Norma Gomes and Luiz Mattos