Health & Environmental Research Online (HERO)


8395839 
Meetings & Symposia 
TNT: Transparent network and transport layer normalizer 
Cao, AT; Varun, K 
2007 
World Scientific Publishing Co. Pte Ltd 
151-167 
English 
Security administrators use network intrusion detection systems (NID systems) as a tool for detecting attacks and misuse, using passive monitoring techniques. However, there are sophisticated attacks which use ambiguities in protocol specifications to subvert detection. In these attacks, the destination endpoint reconstructs a malicious interpretation, whereas the passive NID system's protocol stack interprets the protocol as a benign exchange. There is a dire need for a new software element at the entry point of the network, which transparently modifies network traffic, so as to remove all possible ambiguities. This will ensure that all internal hosts and the NIDS interpret the traffic in a uniform way, hence removing all chances of an attack sneaking past the NIDS, unnoticed and unmonitored. In this paper, we will present the design and implementation of a normalizer whose job is to eliminate evasion and insertion attacks against an NIDS at the transport and network layers. © 2007 World Scientific Publishing Co. Pte. Ltd.