Return to search

Embedded monitors for detecting and preventing intrusions in cryptographic and application protocols.

There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature-based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection builds a profile of normal system behavior to detect known and unknown attacks as behavioral deviations. However, it has a drawback of a high false alarm rate. In this thesis, we describe our anomaly-based IDS designed for detecting intrusions in cryptographic and application-level protocols. Our system has several unique characteristics, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly.

Identiferoai:union.ndltd.org:unt.edu/info:ark/67531/metadc4414
Date12 1900
CreatorsJoglekar, Sachin P.
ContributorsTate, Stephen R., Mikler, Armin R., Dantu, Ram
PublisherUniversity of North Texas
Source SetsUniversity of North Texas
LanguageEnglish
Detected LanguageEnglish
TypeThesis or Dissertation
FormatText
RightsPublic, Copyright, Joglekar, Sachin P., Copyright is held by the author, unless otherwise noted. All rights reserved.

Page generated in 0.0021 seconds