Abstract
It is often the case that more than one signature is triggered on a given group of packets, depending on the signature database used by the IDS. For performance reasons, network IDSs often impose an alert limit (i.e., they restrict) on the number of signatures that can be triggered on a given group of packets. Thus, it is possible that some signatures that should be triggered to properly identify attacks are not verified by the IDS and lead to an IDS Evasion attack. In this poster, we introduce the concept of packet space analysis as a solution to address these problems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Massicotte, F. (2009). Packet Space Analysis of Intrusion Detection Signatures. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-04342-0_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04341-3
Online ISBN: 978-3-642-04342-0
eBook Packages: Computer ScienceComputer Science (R0)