An SNMP Agent for Stateful Intrusion Inspection

Executive Summary

Intrusion Detection Systems (IDSs) have been increasingly used in organizations, in addition to other security mechanisms, to detect intrusions into systems and networks. In recent years several IDSs have been released, but the high number of false alarms generated, the lack of a high-level notation for attack signature specification, and the difficulty of integrating IDSs with existing network management infrastructure hinder their widespread and efficient use. In this paper the authors address these problems by presenting an SNMP agent for stateful intrusion inspection. By using a state machine-based language called PTSL (Protocol Trace Specification Language), the network manager can describe attack signatures that should be monitored.

  • Format: PDF
  • Size: 318.2 KB