DocumentCode
2051941
Title
Network intrusion detection with semantics-aware capability
Author
Scheirer, Walter ; Chuah, Mooi Choo
Author_Institution
Dept. of Comput. Sci. & Eng., Lehigh Univ., Bethlehem, PA, USA
fYear
2006
fDate
25-29 April 2006
Abstract
Malicious network traffic, including widespread worm activity, is a growing threat to Internet-connected networks and hosts. In this paper, we propose a network intrusion detection system (NIDS) with semantics-aware capability. Our NIDS segregates suspicious traffic from the regular traffic flow, extracts binary code from the suspicious traffic, and performs semantic analysis on it to identify potential threats. Our contributions in this work are threefold: (a) we believe our prototype is the first NIDS that provides semantics-aware capability; (b) our implementation is more efficient than what is reported in (M. Christodorescu et al., 2005); and (c) our designed templates can capture polymorphic shellcodes with added sequences of stack and mathematical operations.
Keywords
Internet; binary codes; security of data; telecommunication traffic; Internet; binary code; malicious network traffic; network intrusion detection; semantics-aware capability; Binary codes; Computer science; Computer worms; IP networks; Intrusion detection; Performance analysis; Performance evaluation; Prototypes; Telecommunication traffic; Viruses (medical);
fLanguage
English
Publisher
ieee
Conference_Titel
Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International
Print_ISBN
1-4244-0054-6
Type
conf
DOI
10.1109/IPDPS.2006.1639678
Filename
1639678