Multi-packet & multi-session signature detection using state based model
Authors: P. Pawar, M. Singh, S. Narayanan
Published in: 2010 IEEE 2nd International Advance Computing Conference (IACC)
Publication date: 2010-03-01
DOI: 10.1109/IADCC.2010.5423011 (https://doi.org/10.1109/IADCC.2010.5423011)
Citation count: 1
Source: Semanticscholar
Signature detection modules in IDS/IPS, though accurate in pattern matching, still lead to false positives. This is due to the incompleteness of the signatures, which lack or have very little information about when, where and how to match them. Signatures enriched with this information significantly bring down the false positives and at the same time enhance the performance of the signature detection module. In this paper we propose a state-based signature detection model which leverages our state-aware signatures, which carry sufficiently complete information to match them. The proposed model keeps track of the state of the connection and matches the signatures within the appropriate packets. We further classify our signatures that span across multiple packets and across multiple sessions. We also provide the notion of virtual signatures, which represent patterns within packets in a distributed form. In this paper we demonstrate the capabilities of our proposed model to detect these virtual patterns, multi-packet and multi-session, by leveraging our state-aware signatures.