Go home now Header Background Image
Search
Submission Procedure
share: |
Special Issues
Submission Procedure
Aims and Scope
Board of Editors
What's New
 
Follow us
 
Articles by Topics
Articles by Author
Geographical Mashup
List of Topics
 
Printed Publications
 
Volume 26 (2020)
Volume 25 (2019)
Volume 24 (2018)
Volume 23 (2017)
Volume 22 (2016)
Volume 21 (2015)
Volume 20 (2014)
Volume 19 (2013)
Volume 18 (2012)
Volume 17 (2011)
Volume 16 (2010)
Volume 15 (2009)
Volume 14 (2008)
Volume 13 (2007)
Volume 12 (2006)
Volume 11 (2005)
Issue 1
Issue 2
Issue 3
Issue 4
Issue 5
Issue 6
Issue 7
Issue 8
Issue 9
Issue 10
Issue 11
Issue 12
Volume 10 (2004)
Volume 9 (2003)
Volume 8 (2002)
Volume 7 (2001)
Volume 6 (2000)
Volume 5 (1999)
Volume 4 (1998)
Volume 3 (1997)
Volume 2 (1996)
Volume 1 (1995)
Volume 0 (1994)
 
Collection of other papers
Volume 11 / Issue 1

available in:   HTML (61 kB) PDF (82 kB) PS (54 kB)
 
get:  
Similar Docs BibTeX   Write a comment
  
get:  
Links into Future
 
DOI:   10.3217/jucs-011-01-0083

 

ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention

Sachin P. Joglekar (University of North Texas, USA)

Stephen R. Tate (University of North Texas, USA)

Abstract: Intrusion Detection Systems (IDS) are responsible for monitoring and analyzing host or network activity to detect intrusions in order to protect information from unauthorized access or manipulation. There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature_based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection uses machine-learning techniques to create a profile of normal system behavior and uses this profile to detect deviations from the normal behavior. Although this technique is effective in detecting unknown attacks, it has a drawback of a high false alarm rate. In this paper, we describe our anomaly_based IDS designed for detecting malicious use of cryptographic and application-level protocols. Our system has several unique characteristics and benefits, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly.

Keywords: Computer Security, Cryptographic Protocol Abuse, Intrusion Detection

Categories: C.2.0, D.4.6, K.6.5