Attack development for intrusion detector evaluation
Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000.
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | eng |
| Published: |
Massachusetts Institute of Technology
2005
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/9080 |
| _version_ | 1826188407945035776 |
|---|---|
| author | Das, Kumar J. (Kumar Jay), 1978- |
| author2 | Richard Lippmann. |
| author_facet | Richard Lippmann. Das, Kumar J. (Kumar Jay), 1978- |
| author_sort | Das, Kumar J. (Kumar Jay), 1978- |
| collection | MIT |
| description | Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000. |
| first_indexed | 2024-09-23T07:59:10Z |
| format | Thesis |
| id | mit-1721.1/9080 |
| institution | Massachusetts Institute of Technology |
| language | eng |
| last_indexed | 2024-09-23T07:59:10Z |
| publishDate | 2005 |
| publisher | Massachusetts Institute of Technology |
| record_format | dspace |
| spelling | mit-1721.1/90802019-04-09T15:57:14Z Attack development for intrusion detector evaluation Das, Kumar J. (Kumar Jay), 1978- Richard Lippmann. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000. Includes bibliographical references (p. 96-97). An important goal of the 1999 DARPA Intrusion Detection Evaluation was to promote the development of intrusion detection systems that can detect new attacks. This thesis describes UNIX attacks developed for the 1999 DARPA Evaluation. Some attacks were new in 1999 and others were stealthy versions of 1998 User-to-Root attacks designed to evade network-based intrusion detection systems. In addition, new and old attacks were fragmented at the packet level to evade network-based intrusion detection systems. Results demonstrated that new and stealthy attacks were not detected well. New attacks that were never seen before were not detected by any network-based systems. Stealthy attacks, modified to be difficult to detect by network intrusion detection systems, were detected less accurately than clear versions. The best network-based system detected 42% of clear attacks and only 11% of stealthy attacks at 10 false alarms per day. A few attacks and background sessions modified with packet modifications eluded network intrusion detection systems causing them to generate false negatives and false positives due to improper TCP/IP reassembly. by Kumar J. Das. S.B.and M.Eng. 2005-08-24T19:31:29Z 2005-08-24T19:31:29Z 2000 2000 Thesis http://hdl.handle.net/1721.1/9080 46861805 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 97 p. 7142786 bytes 7142542 bytes application/pdf application/pdf application/pdf Massachusetts Institute of Technology |
| spellingShingle | Electrical Engineering and Computer Science. Das, Kumar J. (Kumar Jay), 1978- Attack development for intrusion detector evaluation |
| title | Attack development for intrusion detector evaluation |
| title_full | Attack development for intrusion detector evaluation |
| title_fullStr | Attack development for intrusion detector evaluation |
| title_full_unstemmed | Attack development for intrusion detector evaluation |
| title_short | Attack development for intrusion detector evaluation |
| title_sort | attack development for intrusion detector evaluation |
| topic | Electrical Engineering and Computer Science. |
| url | http://hdl.handle.net/1721.1/9080 |
| work_keys_str_mv | AT daskumarjkumarjay1978 attackdevelopmentforintrusiondetectorevaluation |