Date Submitted: 08/18/05
Network Intrusion Detection Signatures, Part 2
Added by Papergrl
Description:
This is the second in a series of articles on understanding and developing signatures for network intrusion detection systems. In the first installment we looked at signature basics, the functions that signatures serve, header values, signature components, and choosing signatures. In this article we will continue our discussion of IP protocol header values in signatures by closely examining some signature examples. Although it may be relatively easy to develop a signature that matches a particular type of traffic, such a signature will likely cause unexpected false positives and false negatives. Signatures must be carefully developed and tested in order to create a signature set that is highly accurate, yet also as efficient as possible.
