What is our motivation?
Intrusion Detection Systems (IDSs) identify and halt behaviours which are statistically associated with specific attack instances.
This requires knowledge and statistics of specific attacks, and it requires a third party to deploy the necessary fixes for those attacks.
On the other hand, the objective of the attacker is to disguise the attack in such a way that a detector is unable to identify it.
This approach is purely reactive and requires the user to continually apply updates and patches.
It becomes a race between the attacker and the user: who can attack or update first?
What is vulnerability analysis?
The above scenario introduces the importance of a proactive approach to intrusions.
Often, users will employ a vulnerability analysis technique to be more proactive.
Instead of reacting to an attack by patching, where potential damage can occur before the reaction, the vulnerability analysis technique identifies the potential of an attack, and its damaging effects, before it occurs.
Vulnerability analysis techniques define, identify and classify security holes, or vulnerabilities.
What will we be doing?
Using the above process, we will define, identify and classify the vulnerabilities of specific IDSs so that the effectiveness of the proposed countermeasures of these IDSs can be predicted and evaluated.
We will specifically investigate the effectiveness of state-of-the-art IDSs against buffer overflow attacks. To do this, the following steps will be employed:
- identify the IDSs
- understand vulnerability analysis tools
- employ the vulnerability analysis tools against these systems
- evaluate the results of the analysis
- develop a strategy to deal with the vulnerabilities
This research is sponsored by NSERC and the Canadian Distributed Mentorship Project.