Robin Sommer's Publications
Citation key | DKPS-EANIDHC-05 |
---|---|
Author | Dreger, Holger and Kreibich, Christian and Paxson, Vern and Sommer, Robin |
Book title | Proceedings of the 2nd GI Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2005) |
Year | 2005 |
Abstract | In the recent past, both network- and host-based approaches to intrusion detection have received much attention in the network security community. No approach, taken exclusively, provides a satisfactory solution: network-based systems are prone to evasion, while host-based solutions suffer from scalability and maintenance problems. In this paper we present an integrated approach, leveraging the best of both worlds: we preserve the advantages of network-based detection, but alleviate its weaknesses by improving the accuracy of the traffic analysis with specific host-based context. Our framework preserves a separation of policy from mechanism, is highly configurable and more flexible than sensor/manager-based architectures, and imposes a low overhead on the involved end hosts. We include a case study of our approach for a notoriously hard problem for purely network-based systems: the correct processing of HTTP requests. |