You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Enhancing Byte-Level Network Intrusion Detection Signatures With Context

Tags:
network security

Overview Many Network Intrusion Detection Systems (NIDS) use byte sequences as signatures to detect malicious activity. While being highly efficient, they tend to suffer from a high false-positive rate. This paper develops the concept of contextual signatures as an improvement of string-based signature-matching. Rather than matching fixed strings in isolation, the paper augments the matching process with additional context. When designing an efficient signature engine for the NIDS Bro, the paper provides low-level context by using regular expressions for matching, and high-level context by taking advantage of the semantic information made available by Bro's protocol analysis and scripting language. Therewith, the paper greatly enhances the signature's expressiveness and hence the ability to reduce false positives.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	October 2003
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful?

Balancing Security Against Productivity

Publisher:
Novell

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

U.S. Bancorp: Using VeriSign to Further Strengthen Its Network Security

Publisher:
VeriSign

NAC 2.0: A new model for a more secure future

Publisher:
Sophos

Signing up the competition - have digital signatures met their match?

There are around eighteen other hacker detection products on the market, and they are all based on signatures. Digital signatures may have hit the headlines for securing ecommerce transactions, but in more traditional security fields, they are...

Channel:
Comment & Analysis

US security council fights back

The pattern-matching system, known as the Federal Intrusion Detection Network (Fidet) would alert authorities to attacks which could cripple Government operations or even the economy. Clinton's National Security Council (NSC) is calling for a...

Channel:
Security Strategy

Security experts warn of massive hack attack

Ryan explained: "Most other Trojan Horses, like BackOrifice, create a permanent connection so it is easier to detect. Peapod has already discovered one well-known Slovenian hacker site offering a malicious version of the software.

Channel:
Security Strategy

Microsoft anti-spyware tool gets a makeover

The signatures, used to pinpoint which software is malicious, are now distributed through Windows Update, instead of through a separate tool particular to the program. Microsoft has changed how it delivers signature updates for the anti-spyware...

eEye looks to open source for antivirus

Signature-based systems check potentially malicious software against a database of known threats while behavioural systems look at a program's behaviour to determine whether or not it is malicious. Clam AntiVirus is fast in offering signatures for...

Quocirca's Straight Talking: RFID - what can it do for the business?

Proponents of RFID will say the technology makes it simple to tag and identify individual objects with a unique identity, rather than just identifying the group to which an object belongs, and that RFID readers can detect multiple tags at a...

Channel:
LANs
Tags:
rfid

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Network Security White Papers

Enhancing Byte-Level Network Intrusion Detection Signatures With Context

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific