Компютърни системи за откриване и защита от нежелани прониквания при IP комуникации

Пасарелски, Росен (2016) Компютърни системи за откриване и защита от нежелани прониквания при IP комуникации. Technical Report. Научен електронен архив на НБУ, София. (Submitted)

[thumbnail of Coputer systems IDS_IP_new2016.doc] MS Word
Coputer systems IDS_IP_new2016.doc



There are two types of systems for intrusion detection IDS (Intrusion Detection Systems) - based on signature-based and anomaly in the system. Signature-based IDS identify malicious activity by inspecting individual packets and comparing it with reference samples of known signatures. Based on the identified fault attacks, by analyzing the total network traffic flows, and performing the comparison with pre-defined models of traffic characteristics (e.g., if the activity is within the normal or abnormal parameters). Both systems have strengths and weaknesses, but both are effective when properly applied.
VoIP communications using a combination of protocols for retransmission of communication messages, and they in their hand can use dynamically allocated ports. Also can be used different routes and this leads to different challenges sashestvuvashtite IDS systems. Although they are able to detect some of the related VoIP attacks with existing techniques, they still can not detect attacks such as kidnapping calls and sessions, manipulating the flow of conversation or manipulation of the media. For example, Snort IDS uses signature-based techniques to detect malicious activity associated with SIP signaling, the rules include detection of attacks such as SIP signaling bombarded with messages, port scans, backfilling with SYN requests and more.

Item Type:Monograph (Technical Report)
Additional Information:TITLE: Computer systems for intrusion detection in IP communications, AUTHOR: Rosen Pasarelski
Subjects:Telecommunication > Telecommunication systems and technology
ID Code:3088
Deposited By: professor Rosen I Pasarelski
Deposited On:26 Sep 2016 13:55
Last Modified:26 Sep 2016 13:55

Repository Staff Only: item control page