2012
DOI: 10.1109/surv.2011.092311.00082

Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems

Abstract: Detecting attacks disguised by evasion techniques is a challenge for signature-based Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). This study examines five common evasion techniques to determine their ability to evade recent systems. The denial-of-service (DoS) attack attempts to disable a system by exhausting its resources. Packet splitting tries to chop data into small packets, so that a system may not completely reassemble the packets for signature matching. Duplicate …
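The packet-splitting technique the abstract describes is easy to see in miniature: a matcher that inspects each segment in isolation never sees a signature that straddles segment boundaries, while one that reassembles the transport stream first does. The example below is added here and is not code from the surveyed paper or from any IDS it evaluates; the signature string, the probe payload, the Segment type, the split_payload helper and the two overlap policies are all constructed for illustration. Beyond the in-order split in the abstract, it also shows out-of-order delivery and an overlapping retransmission, where the IDS only recovers the attacker's bytes if its overlap policy matches the one the victim host applies.

```python
"""Packet splitting versus per-packet and stream-level signature matching.

Added example (not from the original paper). Everything here is constructed:
the signature, the probe payload and the segment layouts.
"""
from dataclasses import dataclass

# Constructed toy signature for a classic CGI probe (17 bytes).
SIGNATURE = b"GET /cgi-bin/phf?"


@dataclass(frozen=True)
class Segment:
    """One TCP segment: byte offset within the stream plus its payload."""
    seq: int
    data: bytes


def per_packet_match(segments, signature=SIGNATURE):
    """Naive IDS: looks for the signature inside each segment on its own."""
    return any(signature in seg.data for seg in segments)


def reassemble(segments, policy="first"):
    """Rebuild the byte stream from segments in arrival order.

    policy="first" keeps the first byte seen at an offset, policy="last"
    lets a later (overlapping) segment overwrite it. Returns None while a
    gap remains, i.e. the stream is not yet complete enough to inspect.
    """
    stream = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if policy == "first":
                stream.setdefault(off, byte)
            else:
                stream[off] = byte
    if not stream:
        return b""
    length = max(stream) + 1
    if len(stream) != length:  # some offset below the highest one is missing
        return None
    return bytes(stream[i] for i in range(length))


def stream_match(segments, signature=SIGNATURE, policy="first"):
    """Stream-aware IDS: reassemble first, then match against the whole stream."""
    data = reassemble(segments, policy=policy)
    return data is not None and signature in data


def split_payload(payload, chunk):
    """Attacker-side helper: chop one payload into in-order segments of `chunk` bytes."""
    return [Segment(i, payload[i:i + chunk]) for i in range(0, len(payload), chunk)]


# Constructed probe payload that contains the signature once.
ATTACK = b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n\r\n"

# Evasion attempts, all constructed for illustration.
EVASION_SPLIT = split_payload(ATTACK, 4)          # 4-byte segments, in order
EVASION_REORDER = list(reversed(EVASION_SPLIT))   # same segments, delivered backwards
OVERLAP = [                                       # benign-looking segment first,
    Segment(0, b"GET /cgi-bin/XXX?Qalias=x HTTP/1.0\r\n\r\n"),
    Segment(13, b"phf?"),                         # then an overlapping rewrite of bytes 13..16
]

if __name__ == "__main__":
    print("whole payload, per packet:", per_packet_match([Segment(0, ATTACK)]))   # True
    print("split, per packet:        ", per_packet_match(EVASION_SPLIT))          # False
    print("split, reassembled:       ", stream_match(EVASION_SPLIT))              # True
    print("reordered, reassembled:   ", stream_match(EVASION_REORDER))            # True
    print("overlap, first-wins:      ", stream_match(OVERLAP, policy="first"))    # False
    print("overlap, last-wins:       ", stream_match(OVERLAP, policy="last"))     # True
```

The last two lines are the practical caveat: reassembly alone is not enough, because the "first" and "last" policies yield different streams from the same segments. Whichever policy the victim's TCP stack applies determines what the target actually executes, so an IDS that guesses the other one either misses the probe or raises an alert on bytes the host discarded.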

Cited by 70 publications (38 citation statements)
References 30 publications
“…Such systems mostly make use of common signature-based (or misuse-based) techniques. This approach is known for its shortcomings [2][3][4][5]. Signatures describe only illegal patterns in network traffic, so prior knowledge is required [2].…”
Section: Introduction (mentioning, confidence: 99%)
“…Signatures describe only illegal patterns in network traffic, so prior knowledge is required [2]. Signature-based solutions do not cope with evasion techniques and not-yet-known attacks (0-days) [3]. Moreover, they are unable to detect a specific attack until a rule for the corresponding vulnerability is created, tested, released and deployed, which usually takes a long time [4,5].…”
Section: Introduction (mentioning, confidence: 99%)
“…Scap shares similar goals with Libnids and Stream5. However, previous works treat TCP stream reassembly as a necessity [15], mostly for the avoidance of evasion attacks against intrusion detection systems [7], [8], [10], [29]. On the contrary, Scap views transport-layer streams as the fundamental abstraction that is exported to network monitoring applications, and as the right vehicle to implement aggressive optimizations.…”
Section: TCP Stream Reassembly (mentioning, confidence: 99%)
“…To make meaningful decisions, these monitoring applications need to analyze network traffic at the transport layer and above. For instance, NIDS reconstruct transport-layer streams to detect attack vectors that span multiple packets, and avoid evasion attacks [7]- [10].…”
Section: Introduction (mentioning, confidence: 99%)