Design and Implementation of Detection Engine Against IDS Evasion with Unicode

  • Conference paper
Current Trends in High Performance Computing and Its Applications

Summary

The rapid expansion of inexpensive computer networks has increased the problem of unauthorized access to and tampering with data. In response to these growing threats, many signature-based intrusion detection systems have been developed. Current NIDSs are barely capable of real-time traffic analysis and of detecting IDS evasion techniques on Fast Ethernet links, yet Gigabit Ethernet has become the de facto standard for large network installations. There is therefore an emerging need for enhanced security analysis techniques that can keep up with the increased network throughput. This paper introduces the overall architecture of our system, which is designed to perform intrusion detection on high-speed links, and proposes an efficient Detection Engine against IDS evasion techniques that runs in FPGA logic.




© 2005 Springer-Verlag Berlin Heidelberg

Cite this paper

Kang, D., Oh, J., Kim, K., Jang, J. (2005). Design and Implementation of Detection Engine Against IDS Evasion with Unicode. In: Zhang, W., Tong, W., Chen, Z., Glowinski, R. (eds) Current Trends in High Performance Computing and Its Applications. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-27912-1_40
