Syntax vs. semantics: competing approaches to dynamic network intrusion detection
Online publication date: Sun, 09-Dec-2007
by Walter Scheirer, Mooi Choo Chuah
International Journal of Security and Networks (IJSN), Vol. 3, No. 1, 2008
Abstract: Malicious network traffic, including widespread worm activity, is a growing threat to Internet-connected networks and hosts. In this paper, we consider both syntax-based and semantics-based approaches to dynamic network intrusion detection. The semantics-based approach copes with sophisticated polymorphic and metamorphic worms better than the syntax-based approach. Our contribution in this work is threefold: our syntax-based scheme, which uses variable-length partitioning with multiple breakmarks, can detect many polymorphic worms; we believe our semantics-based prototype is the first NIDS that provides a semantics-aware capability, and our system is more efficient than what is reported by Christodorescu et al. (2005); and our designed templates capture polymorphic shellcodes with added sequences of stack and mathematical operations.
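To make the syntax-based idea concrete, the following added Python sketch (not the paper's code, and not its exact algorithm) shows generic content-defined partitioning with several breakmark residues: a payload is cut wherever the fingerprint of a sliding window equals one of the breakmarks, chunks recurring across several suspicious flows become the signature, and a new flow is scored by how many signature chunks it contains. Window size, modulus, breakmark values, the `INVARIANT`/`SAMPLES`/`BENIGN` payloads and the `score` threshold are all constructed assumptions.

```python
import hashlib
from collections import Counter

# Illustrative parameters (assumed, not taken from the paper).
WINDOW = 4               # bytes fingerprinted at each position
MODULUS = 32             # fingerprint residues range over 0..31
BREAKMARKS = {0, 9, 21}  # several residues act as chunk boundaries

def fingerprint(window: bytes) -> int:
    # Polynomial hash reduced to a small residue (stand-in for a Rabin fingerprint).
    h = 0
    for b in window:
        h = (h * 257 + b) % 1000003
    return h % MODULUS

def partition(payload: bytes) -> list:
    # Boundaries depend only on the trailing WINDOW bytes, so chunk edges
    # re-synchronise on shared content even when surrounding bytes mutate.
    chunks, start = [], 0
    for i in range(WINDOW, len(payload) + 1):
        if fingerprint(payload[i - WINDOW:i]) in BREAKMARKS:
            chunks.append(payload[start:i])
            start = i
    if start < len(payload):
        chunks.append(payload[start:])
    return chunks

def chunk_ids(payload: bytes) -> set:
    return {hashlib.sha256(c).hexdigest()[:16] for c in partition(payload)}

def build_signature(samples: list, min_support: int) -> set:
    # Keep chunk ids that recur in at least min_support suspicious flows.
    counts = Counter()
    for s in samples:
        counts.update(chunk_ids(s))
    return {cid for cid, n in counts.items() if n >= min_support}

def score(payload: bytes, signature: set) -> int:
    # Number of signature chunks present in a flow; compare with a site threshold.
    return len(chunk_ids(payload) & signature)

# Constructed samples: one invariant region (as a polymorphic worm's decoder and
# jump target would be) wrapped in per-variant mutable bytes.
INVARIANT = b"\x00\x00\x00\x00INVARIANT-PAYLOAD-PART-ONE\x00\x00\x00\x00INVARIANT-PART-TWO"
SAMPLES = [
    b"alpha-envelope-" + INVARIANT + b"-trailing-junk-1",
    b"bravo-prelude-bytes-" + INVARIANT + b"-other-suffix",
    b"charlie-mutated-head-" + INVARIANT + b"-third-tail",
]
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nConnection: close\r\n\r\n"
```

Requiring support from every sample keeps variant-specific envelope chunks out of the signature; a lower `min_support` trades that precision for earlier detection.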