Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
TNC
2004
2004
Realtime Intrusion-Forensics: A First Prototype Implementation (based on a stack-based NIDS)
The function of a Network Intrusion Detection System (NIDS) is to identify any misuse and abnormal behavior determined as an attack to a network segment or network host. The proposed concept is a pump-in-the-stack approach. This means, that NIDS-features are integrated into the network stack of our operating systems. Using the native stack is important, since this is the only place in our operating systems where we can get access to all packets (passing the stack) in realtime quality. The idea is to make use of already existing knowledge about state transitions, memory content, header information, and packet payload. This is very similar to stack hardening. But while hardening mechanisms are limited to block malicious traffic (violating RFC793), the proposed approach is to collect as much evidence as possible and to do some simple forensic analysis. Knowing that IPv4 is not suitable to collect information about the actual source of an attack, but there is no real difference to traditi...
Real-time TrafficEducation | Intrusion Detection Systems | Network Intrusion Detection System | Operating Systems | TNC 2004 |
| Added | 31 Oct 2010 |
| Updated | 31 Oct 2010 |
| Type | Conference |
| Year | 2004 |
| Where | TNC |
| Authors | Udo Payer |
Comments (0)
Researcher Info
|
