direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Page Content

Eirini Spartinou's Publications

Dynamic Protocol Analysis for Network Intrusion Detection Systems
Citation key M-DPANIDS-05
Author Mai, Michael
Year 2005
Address Munich, Germany
Month September
School Technische Universit√§t M√ľnchen
Abstract Many Network Intrusion Detection Systems (NIDSs) perform application layer protocol analysis. These systems typically infer the protocol from the ports in the TCP or UDP headers. This is not a reliable technique since many protocols do not use fixed ports. On the other hand there exist better methods to identify used application layer protocols e.g. signatures. In this thesis we present design and implementation of an architecture for NIDSs which supports the integration of these advanced methods for dynamic protocol analysis. The design is suitable for analyzing tunneled connections as well. Our implementation for the open source system Bro uses its existing signature matching engine as additional protocol detection method. On the basis of this prototype we show the results under the aspects of detection rate, need of performance and the interaction of both.
Bibtex Type of Publication Diplomarbeit
Link to publication Download Bibtex entry

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe