標題: | Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems |
作者: | Cheng, Tsung-Huan Lin, Ying-Dar Lai, Yuan-Cheng Lin, Po-Ching 資訊工程學系 Department of Computer Science |
關鍵字: | IDS/IPS;evasion;attacks;signature |
公開日期: | 2012 |
摘要: | Detecting attacks disguised by evasion techniques is a challenge for signature-based Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). This study examines five common evasion techniques to determine their ability to evade recent systems. The denial-of-service (DoS) attack attempts to disable a system by exhausting its resources. Packet splitting tries to chop data into small packets, so that a system may not completely reassemble the packets for signature matching. Duplicate insertion can mislead a system if the system and the target host discard different TCP/IP packets with a duplicate offset or sequence. Payload mutation fools a system with a mutative payload. Shellcode mutation transforms an attacker's shellcode to escape signature detection. This study assesses the effectiveness of these techniques on three recent signature-based systems, and among them, explains why Snort can be evaded. The results indicate that duplicate insertion becomes less effective on recent systems, but packet splitting, payload mutation and shellcode mutation can be still effective against them. |
URI: | http://hdl.handle.net/11536/21310 http://dx.doi.org/10.1109/SURV.2011.092311.00082 |
ISSN: | 1553-877X |
DOI: | 10.1109/SURV.2011.092311.00082 |
期刊: | IEEE COMMUNICATIONS SURVEYS AND TUTORIALS |
Volume: | 14 |
Issue: | 4 |
起始頁: | 1011 |
結束頁: | 1020 |
Appears in Collections: | Articles |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.