Efficient intrusion detection in high-speed networks / Felix Erlacher. Paderborn, 2019
Content
1 Introduction
1.1 Intrusion Detection Systems
1.2 Research Questions
1.3 Thesis Organization and Contribution
1.4 Publications
1.4.1 Publications This Thesis Is Based On
1.4.2 Publications Not Related to This Thesis
1.5 A Note on Moral Implications of Network Monitoring
2 Fundamentals and Related Work
2.1 Improving the Network Throughput Performance of NIDS
2.1.1 Improving the Pattern Matching of NIDS
2.1.2 Reducing Network Traffic for Analysis
2.2 Flow Monitoring
2.2.1 Cisco NetFlow
2.2.2 Internet Protocol Flow Information Export (IPFIX)
2.3 Flow-Based Intrusion Detection
2.4 The Vermont Network Monitoring Toolkit
2.5 Intrusion Detection on Encrypted Traffic
3 Web 2.0 Security
3.1 Motivation
3.2 New Attacks of the Web 2.0
3.2.1 Merging of Security Domains Inside a Browser
3.2.2 Incomplete or Conflicting Standards
3.2.3 Unjustified Trust in the DNS and Public Key Infrastructures
3.3 Practical Mitigation Methods Today
3.3.1 Browser-Side Approaches
3.3.2 Server-Side Approaches
3.3.3 Solutions for Intermediate Devices
3.3.4 Attack Coverage
3.4 Open Research Challenges
3.4.1 Browsers Protection Against Typical Web 2.0 Attacks
3.4.2 Protection in Intermediate Devices
3.4.3 Secure and Easy to Use Application Frameworks for the Server-Side
3.4.4 Rethinking the Interaction Between Browser, Server and Components
3.5 Lessons Learned
4 Combining Anomaly Detectors Using Controlled Skips
4.1 Motivation
4.2 Architecture
4.2.1 Packet Analysis
4.2.2 Controlled Load Allocation Scheme
4.2.3 Post-Processing of Packets
4.3 Evaluation
4.3.1 Anomaly Detection Algorithms
4.3.2 Controlled Load Allocation Scheme
4.3.3 Behavior under Stress
4.4 Lessons Learned
5 Preprocessing HTTP for Network Monitoring and Intrusion Detection
5.1 Motivation
5.2 Importance of HTTP-Related Threats
5.3 Aggregating HTTP into IPFIX
5.3.1 Related Work In HTTP Monitoring and Aggregation
5.3.2 HTTP Aggregation Architecture
5.3.3 TCP Reassembly Engine
5.3.4 HTTP Parser
5.3.5 HTTP Aggregation Evaluation
5.4 HPA: HTTP-Based Payload Aggregation
5.4.1 HPA Concept
5.4.2 HPA Implementation
5.4.3 HPA Evaluation
5.5 Lessons Learned
6 FIXIDS: A Signature-Based Flow Intrusion Detection System
6.1 Motivation
6.2 FIXIDS
6.2.1 Rules and Signatures
6.2.2 Implementation
6.3 Evaluation Experiment Setup
6.3.1 Snort
6.3.2 FIXIDS Setup
6.3.3 Vermont Flow Probe
6.3.4 nProbe Flow Probe
6.3.5 Network Setup
6.3.6 Used Detection Rules
6.3.7 Attack Network Traffic
6.3.8 Realistic Network Traffic
6.4 Functional Evaluation
6.5 Throughput Performance Evaluation
6.5.1 Basic Throughput Experiments
6.5.2 Third-Party Flow Exporter Experiments
6.5.3 Real World Scenario
6.6 Lessons Learned
7 GENESIDS: An Automated System for Generating Attack Traffic
7.1 Motivation
7.2 Related Work in Traffic Generation
7.3 GENESIDS Architecture
7.3.1 Input and Connection Management
7.3.2 Rules
7.3.3 Limitations
7.3.4 Generating Mixed Traffic
7.4 Evaluation
7.5 Lessons Learned
8 Conclusion
Bibliography