Efficient intrusion detection in high-speed networks / Felix Erlacher. Paderborn, 2019
Contents
1 Introduction
1.1 Intrusion Detection Systems
1.2 Research Questions
1.3 Thesis Organization and Contribution
1.4 Publications
1.4.1 Publications This Thesis Is Based On
1.4.2 Publications Not Related to This Thesis
1.5 A Note on Moral Implications of Network Monitoring
2 Fundamentals and Related Work
2.1 Improving the Network Throughput Performance of NIDS
2.1.1 Improving the Pattern Matching of NIDS
2.1.2 Reducing Network Traffic for Analysis
2.2 Flow Monitoring
2.2.1 Cisco NetFlow
2.2.2 Internet Protocol Flow Information Export (IPFIX)
2.3 Flow-Based Intrusion Detection
2.4 The Vermont Network Monitoring Toolkit
2.5 Intrusion Detection on Encrypted Traffic
3 Web 2.0 Security
3.1 Motivation
3.2 New Attacks of the Web 2.0
3.2.1 Merging of Security Domains Inside a Browser
3.2.2 Incomplete or Conflicting Standards
3.2.3 Unjustified Trust in the DNS and Public Key Infrastructures
3.3 Practical Mitigation Methods Today
3.3.1 Browser-Side Approaches
3.3.2 Server-Side Approaches
3.3.3 Solutions for Intermediate Devices
3.3.4 Attack Coverage
3.4 Open Research Challenges
3.4.1 Browsers Protection Against Typical Web 2.0 Attacks
3.4.2 Protection in Intermediate Devices
3.4.3 Secure and Easy to Use Application Frameworks for the Server-Side
3.4.4 Rethinking the Interaction Between Browser, Server and Components
3.5 Lessons Learned
4 Combining Anomaly Detectors Using Controlled Skips
4.1 Motivation
4.2 Architecture
4.2.1 Packet Analysis
4.2.2 Controlled Load Allocation Scheme
4.2.3 Post-Processing of Packets
4.3 Evaluation
4.3.1 Anomaly Detection Algorithms
4.3.2 Controlled Load Allocation Scheme
4.3.3 Behavior under Stress
4.4 Lessons Learned
5 Preprocessing HTTP for Network Monitoring and Intrusion Detection
5.1 Motivation
5.2 Importance of HTTP-Related Threats
5.3 Aggregating HTTP into IPFIX
5.3.1 Related Work In HTTP Monitoring and Aggregation
5.3.2 HTTP Aggregation Architecture
5.3.3 TCP Reassembly Engine
5.3.4 HTTP Parser
5.3.5 HTTP Aggregation Evaluation
5.4 HPA: HTTP-Based Payload Aggregation
5.4.1 HPA Concept
5.4.2 HPA Implementation
5.4.3 HPA Evaluation
5.5 Lessons Learned
6 FIXIDS: A Signature-Based Flow Intrusion Detection System
6.1 Motivation
6.2 FIXIDS
6.2.1 Rules and Signatures
6.2.2 Implementation
6.3 Evaluation Experiment Setup
6.3.1 Snort
6.3.2 FIXIDS Setup
6.3.3 Vermont Flow Probe
6.3.4 nProbe Flow Probe
6.3.5 Network Setup
6.3.6 Used Detection Rules
6.3.7 Attack Network Traffic
6.3.8 Realistic Network Traffic
6.4 Functional Evaluation
6.5 Throughput Performance Evaluation
6.5.1 Basic Throughput Experiments
6.5.2 Third-Party Flow Exporter Experiments
6.5.3 Real World Scenario
6.6 Lessons Learned
7 GENESIDS: An Automated System for Generating Attack Traffic
7.1 Motivation
7.2 Related Work in Traffic Generation
7.3 GENESIDS Architecture
7.3.1 Input and Connection Management
7.3.2 Rules
7.3.3 Limitations
7.3.4 Generating Mixed Traffic
7.4 Evaluation
7.5 Lessons Learned
8 Conclusion
Bibliography