N-gram Against the Machine: On the Feasibility of the N-gram Network Analysis for Binary Protocols

Hadžiosmanović, Dina and Simionato, Lorenzo and Bolzoni, Damiano and Zambon, Emmanuele and Etalle, Sandro (2012) N-gram Against the Machine: On the Feasibility of the N-gram Network Analysis for Binary Protocols. In: 15th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2012, 12-14 September 2012, Amsterdam, The Netherlands.

PDF
Restricted to UT campus only: Request a copy
183Kb

Abstract:	In recent years we have witnessed several complex and high-impact attacks specifically targeting “binary” protocols (RPC, Samba and, more recently, RDP). These attacks could not be detected by current – signature-based – detection solutions, while – at least in theory – they could be detected by state-of-the-art anomaly-based systems. This raises once again the still unanswered question of how effective anomaly-based systems are in practice. To contribute to answering this question, in this paper we investigate the effectiveness of a widely studied category of network intrusion detection systems: anomaly-based algorithms using n-gram analysis for payload inspection. Specifically, we present a thorough analysis and evaluation of several detection algorithms using variants of n-gram analysis on real-life environments. Our tests show that the analyzed systems, in presence of data with high variability, cannot deliver high detection and low false positive rates at the same time.
Item Type:	Conference or Workshop Item
Copyright:	© 2012 Springer
Faculty:	Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:	Distributed and Embedded Systems (DIES)
Link to this item:	http://purl.utwente.nl/publications/81815
Official URL:	http://dx.doi.org/10.1007/978-3-642-33338-5_18
Export this item as:	BibTeX EndNote HTML Citation Reference Manager

Show download statistics for this publication

Repository Staff Only: item control page