Title :
Automatic backdoor analysis with a network intrusion detection system and an integrated service checker
Author :
Juslin, Jukka ; Virtanen, Teemupekka
Author_Institution :
Helsinki Univ. of Technol., Espoo, Finland
Abstract :
We examine how a network intrusion detection system can be used as a trigger for service checking and reporting. This approach reduces the number of false alerts (false positives) and raises the quality of the alert report. Sample data from the Christmas period of 2002 is analyzed as an example, with detection of unauthorized SSH servers used as the main application. Unauthorized interactive backdoors to a network belong to the most dangerous class of intrusions (D. Zamboni et al., 1998). These backdoors are usually installed by rootkits to hide the system compromise activity. They are a gateway to launch exploits, gain super-user access to hosts in the internal network and use the attacked network as a stepping stone to attack other networks. In this research, we have developed software and done statistical analysis to assess and prevent such situations.
Keywords :
alarm systems; authorisation; computer crime; computer networks; network servers; statistical analysis; telecommunication security; telecommunication traffic; alarm filtering; alert report; automatic backdoor analysis; false alert reduction; integrated service checker; network intrusion detection system; statistical analysis; super-user access; system compromise activity; unauthorized SSH server; unauthorized interactive backdoor; Automation; Computer worms; Electronic mail; Filtering; Intrusion detection; Intserv networks; Linux; Network servers; Statistical analysis; Telecommunication traffic;
Conference_Title :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232410