Syntax Vs. Semantics: Competing Approaches to Dynamic Network Intrusion Detection

In this paper, the authors have described both syntax-based and semantic based approaches for dynamic network intrusion detection. For syntax-based approaches, they evaluated a fixed-partition and variable-length partition sliding-window scheme for automatic worm generation. Their results indicate that the variable length partition scheme is more flexible and can handle several types of polymorphic worms. To deal with more sophisticated polymorphic and metamorphic worms, they propose a semantic-aware approach. They have designed and built a NIDS with semantic analysis capability. They have performed extensive tests on their prototype system.