ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention
- UNCG Author/Contributor (non-UNCG co-authors, if there are any, appear on document)
- Stephen R. Tate, Professor and Department Head (Creator)
- Institution
- The University of North Carolina at Greensboro (UNCG )
- Web Site: http://library.uncg.edu/
Abstract: Intrusion Detection Systems (IDS) are responsible for monitoring and analyzing host or network activity to detect intrusions in order to protect information from unauthorized access or manipulation. There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature-based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection uses machine-learning techniques to create a profile of normal system behavior and uses this profile to detect deviations from the normal behavior. Although this technique is effective in detecting unknown attacks, it has a drawback of a high false alarm rate. In this paper, we describe our anomaly-based IDS designed for detecting malicious use of cryptographic and application-level protocols. Our system has several unique characteristics and benefits, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly.
ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention
PDF (Portable Document Format)
574 KB
Created on 3/14/2011
Views: 2275
Additional Information
- Publication
- Journal of Universal Computer Science (JUCS), Vol. 11, No. 1, 2005, pp. 83–103.
- Language: English
- Date: 2005
- Keywords
- Computer Security, Intrusion Detection, Cryptographic Protocol Abuse