Health & Environmental Research Online (HERO)
Citation
HERO ID: 8395839
Reference Type: Meetings & Symposia
Title: TNT: Transparent network and transport layer normalizer
Author(s): Cao, AT; Varun, K
Year: 2007
Publisher: World Scientific Publishing Co. Pte Ltd
Page Numbers: 151-167
Language: English
Abstract
Security administrators use network intrusion detection systems (NID systems) as a tool for detecting attacks and misuse, using passive monitoring techniques. However, there are sophisticated attacks which use ambiguities in protocol specifications to subvert detection. In these attacks, the destination endpoint reconstructs a malicious interpretation, whereas the passive NID system's protocol stack interprets the protocol as a benign exchange. There is a dire need for a new software element at the entry point of the network, which transparently modifies network traffic, so as to remove all possible ambiguities. This will ensure that all internal hosts and the NIDS interpret the traffic in a uniform way, hence removing all chances of an attack sneaking past the NIDS, unnoticed and unmonitored. In this paper, we will present the design and implementation of a normalizer whose job is to eliminate evasion and insertion attacks against an NIDS at the transport and network layers. © 2007 World Scientific Publishing Co. Pte. Ltd.