標題: Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems
作者: Cheng, Tsung-Huan
Lin, Ying-Dar
Lai, Yuan-Cheng
Lin, Po-Ching
資訊工程學系
Department of Computer Science
關鍵字: IDS/IPS;evasion;attacks;signature
公開日期: 2012
摘要: Detecting attacks disguised by evasion techniques is a challenge for signature-based Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). This study examines five common evasion techniques to determine their ability to evade recent systems. The denial-of-service (DoS) attack attempts to disable a system by exhausting its resources. Packet splitting tries to chop data into small packets, so that a system may not completely reassemble the packets for signature matching. Duplicate insertion can mislead a system if the system and the target host discard different TCP/IP packets with a duplicate offset or sequence. Payload mutation fools a system with a mutative payload. Shellcode mutation transforms an attacker's shellcode to escape signature detection. This study assesses the effectiveness of these techniques on three recent signature-based systems, and among them, explains why Snort can be evaded. The results indicate that duplicate insertion becomes less effective on recent systems, but packet splitting, payload mutation and shellcode mutation can be still effective against them.
URI: http://hdl.handle.net/11536/21310
http://dx.doi.org/10.1109/SURV.2011.092311.00082
ISSN: 1553-877X
DOI: 10.1109/SURV.2011.092311.00082
期刊: IEEE COMMUNICATIONS SURVEYS AND TUTORIALS
Volume: 14
Issue: 4
起始頁: 1011
結束頁: 1020
Appears in Collections:Articles


Files in This Item:

  1. 000315392500005.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.