|
|
|
Date Submitted:
08/18/05
Hits: 65 Rating:  based on 0 votes
Network Intrusion Detection Signatures, Part 5Added by Papergrl
Description:
This is the fifth and final installment in a series of articles on understanding and developing signatures for network intrusion detection systems. In the previous article, we looked at the topic of protocol analysis, meaning that the intrusion detection system actually understands how various protocols, such as FTP, are supposed to work. We initially looked at protocol analysis as it applied to a single request or response. In this article, we will extend this discussion by looking closely at stateful protocol analysis, which involves performing protocol analysis for an entire connection or session, capturing and storing certain pieces of relevant data seen in the session, and using that data to identify attacks that involve multiple requests and responses.
Read the Complete Paper You don't have permission to post replies. Please login or register. |