Kerckhoffs入侵检测原理

Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium Pub Date : 2008-09-01 DOI:10.1109/NETWKS.2008.4763730

S. Mrdović, B. Perunicic

{"title":"Kerckhoffs入侵检测原理","authors":"S. Mrdović, B. Perunicic","doi":"10.1109/NETWKS.2008.4763730","DOIUrl":null,"url":null,"abstract":"One of the basic principles of cryptography is that the security of a system must depend not on keeping secret the algorithm, but only the key. This principle is known as Kerckhoffs' Principle. In this paper we propose application of this principle in intrusion detection systems. The fact that attackers know the intrusion detection algorithm will not help them if there is a secret key for each implementation that makes it different enough from the others. Implementation of network packet payload anomaly detection IDS that enables application of the idea is presented. Results for various keys confirm excellent detection capabilities. Proof of concept mimicry attack protection example is provided.","PeriodicalId":442274,"journal":{"name":"Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"Kerckhoffs' principle for intrusion detection\",\"authors\":\"S. Mrdović, B. Perunicic\",\"doi\":\"10.1109/NETWKS.2008.4763730\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"One of the basic principles of cryptography is that the security of a system must depend not on keeping secret the algorithm, but only the key. This principle is known as Kerckhoffs' Principle. In this paper we propose application of this principle in intrusion detection systems. The fact that attackers know the intrusion detection algorithm will not help them if there is a secret key for each implementation that makes it different enough from the others. Implementation of network packet payload anomaly detection IDS that enables application of the idea is presented. Results for various keys confirm excellent detection capabilities. Proof of concept mimicry attack protection example is provided.\",\"PeriodicalId\":442274,\"journal\":{\"name\":\"Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NETWKS.2008.4763730\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NETWKS.2008.4763730","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 21

摘要

密码学的一个基本原则是，系统的安全性必须不依赖于对算法保密，而只依赖于对密钥保密。这个原理被称为Kerckhoffs原理。本文提出了该原理在入侵检测系统中的应用。如果每个实现都有一个使其与其他实现足够不同的秘密密钥，那么攻击者知道入侵检测算法的事实将无法帮助他们。给出了网络数据包有效载荷异常检测IDS的实现，实现了该思想的应用。对各种钥匙的检测结果证实了出色的检测能力。给出了概念验证的仿真攻击防护实例。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Kerckhoffs' principle for intrusion detection

One of the basic principles of cryptography is that the security of a system must depend not on keeping secret the algorithm, but only the key. This principle is known as Kerckhoffs' Principle. In this paper we propose application of this principle in intrusion detection systems. The fact that attackers know the intrusion detection algorithm will not help them if there is a secret key for each implementation that makes it different enough from the others. Implementation of network packet payload anomaly detection IDS that enables application of the idea is presented. Results for various keys confirm excellent detection capabilities. Proof of concept mimicry attack protection example is provided.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium

自引率

0.00%

发文量