Marco Canini's Publications

Dynamic Protocol Analysis for Network Intrusion Detection Systems
Citation key: M-DPANIDS-05
Author: Mai, Michael
Year: 2005
Address: Munich, Germany
Month: September
School: Technische Universität München
Abstract: Many Network Intrusion Detection Systems (NIDSs) perform application layer protocol analysis. These systems typically infer the protocol from the ports in the TCP or UDP headers. This is not a reliable technique since many protocols do not use fixed ports. On the other hand, there exist better methods to identify used application layer protocols, e.g. signatures. In this thesis we present the design and implementation of an architecture for NIDSs which supports the integration of these advanced methods for dynamic protocol analysis. The design is suitable for analyzing tunneled connections as well. Our implementation for the open source system Bro uses its existing signature matching engine as an additional protocol detection method. On the basis of this prototype we show the results under the aspects of detection rate, need of performance and the interaction of both.
Publication type: Diploma thesis