Using Partial Signatures in Intrusion Detection for Multipath TCP
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec) ORCID iD: 0000-0001-9886-6651
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). ORCID iD: 0000-0003-3461-7079
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). ORCID iD: 0000-0003-0778-4736
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). ORCID iD: 0000-0001-7311-9334
2019 (English). In: Secure IT-systems: 24th Nordic Conference, NordSec 2019, Aalborg, Denmark, November 18–20, 2019, Proceedings / [ed] Aslan Askarov, René Rydhof Hansen, Willard Rafnsson, Cham, Switzerland: Springer, 2019, p. 71-86. Conference paper, Published paper (Refereed)
Abstract [en]

Traditional security mechanisms such as signature-based intrusion detection systems (IDSs) attempt to find a perfect match of a set of signatures in network traffic. Such IDSs depend on the availability of a complete application data stream. With emerging protocols such as Multipath TCP (MPTCP), this precondition cannot be ensured, resulting in false negatives and IDS evasion. On the other hand, if approximate signature matching is used instead in an IDS, a potentially high number of false positives make the detection impractical. In this paper, we show that, by using a specially tailored partial signature matcher and knowledge about MPTCP semantics, the Snort3 IDS can be empowered with partial signature detection. Additionally, we uncover the type of Snort3 rules suitable for the task of partial matching. Experimental results with these rules show a low false positive rate for benign traffic and high detection coverage for attack traffic.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2019. p. 71-86
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11875
National Category
Engineering and Technology
Research subject
Computer Science; Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-75755
DOI: 10.1007/978-3-030-35055-0_5
OAI: oai:DiVA.org:kau-75755
DiVA, id: diva2:1370341
Conference
NordSec2019: 24th Nordic Conference on Secure IT Systems, 18-20 November, 2019, Aalborg, Denmark
Available from: 2019-11-14 Created: 2019-11-14 Last updated: 2019-11-21. Bibliographically approved

Authors: Afzal, Zeeshan; Garcia, Johan; Lindskog, Stefan; Brunström, Anna