@inproceedings{8f798b2a4de249a2a51e312c0a8dff2a,
title = "N-gram against the machine : on the feasibility of the N-gram network analysis for binary protocols",
abstract = "In recent years we have witnessed several complex and high-impact attacks specifically targeting {"}binary{"} protocols (RPC, Samba and, more recently, RDP). These attacks could not be detected by current – signature-based – detection solutions, while – at least in theory – they could be detected by state-of-the-art anomaly-based systems. This raises once again the still unanswered question of how effective anomaly-based systems are in practice. To contribute to answering this question, in this paper we investigate the effectiveness of a widely studied category of network intrusion detection systems: anomaly-based algorithms using n-gram analysis for payload inspection. Specifically, we present a thorough analysis and evaluation of several detection algorithms using variants of n-gram analysis on real-life environments. Our tests show that the analyzed systems, in presence of data with high variability, cannot deliver high detection and low false positive rates at the same time.",
author = "D. Hadziosmanovic and L. Simionato and D. Bolzoni and E. Zambon and S. Etalle",
year = "2012",
doi = "10.1007/978-3-642-33338-5_18",
language = "English",
isbn = "978-3-642-33337-8",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "354--373",
editor = "D. Balzarotti and S.J. Stolfo and M. Cova",
booktitle = "Research in attacks, intrusions, and defenses (15th International Symposium, RAID 2012, Amsterdam, The Netherlands, September 12-14, 2012. Proceedings)",
address = "Germany",
note = "conference; 15th International Symposium on Research in Attacks, Intrusions, and Defenses; 2012-09-12; 2012-09-14 ; Conference date: 12-09-2012 Through 14-09-2012",
}