Evaluating intrusion prevention systems with evasions

Mikko Särelä*, Tomi Kyöstilä, Timo Kiravuo, Jukka Manner

*Tämän työn vastaava kirjoittaja

Tutkimustuotos: LehtiartikkeliArticleScientificvertaisarvioitu

6 Sitaatiot (Scopus)

Abstrakti

Intrusion prevention systems have become a common security measure in the past 20 years. Their promise is the possibility to prevent known attacks against vulnerable, unpatched devices inside enterprise networks. However, evasion techniques that enable the attacker to evade the eye of the intrusion prevention system are a potential problem for this capability. These techniques take advantage of the robustness principle that has guided designers to create systems that will try to recreate protocol content from any input they receive. In this work, we evaluated the effectiveness of 35 well-known evasions against 9 commercial and 1 free, state-of-the-art, intrusion prevention systems. We conducted 4 experiments with one million attacks against each device. Each system lets a significant amount (0.1%-45%) of attacks pass through unrecognized. Our results show that most existing intrusion prevention systems are vulnerable against evasions.

AlkuperäiskieliEnglanti
Artikkelie3339
Sivumäärä15
JulkaisuInternational Journal of Communication Systems
Vuosikerta30
Numero16
DOI - pysyväislinkit
TilaJulkaistu - marrask. 2017
OKM-julkaisutyyppiA1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä

Sormenjälki

Sukella tutkimusaiheisiin 'Evaluating intrusion prevention systems with evasions'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä