N-gram against the machine : on the feasibility of the N-gram network analysis for binary protocols

D. Hadziosmanovic, L. Simionato, D. Bolzoni, E. Zambon, S. Etalle

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

53 Citations (Scopus)
2 Downloads (Pure)

Abstract

In recent years we have witnessed several complex and high-impact attacks specifically targeting "binary" protocols (RPC, Samba and, more recently, RDP). These attacks could not be detected by current – signature-based – detection solutions, while – at least in theory – they could be detected by state-of-the-art anomaly-based systems. This raises once again the still unanswered question of how effective anomaly-based systems are in practice. To contribute to answering this question, in this paper we investigate the effectiveness of a widely studied category of network intrusion detection systems: anomaly-based algorithms using n-gram analysis for payload inspection. Specifically, we present a thorough analysis and evaluation of several detection algorithms using variants of n-gram analysis on real-life environments. Our tests show that the analyzed systems, in presence of data with high variability, cannot deliver high detection and low false positive rates at the same time.
Original languageEnglish
Title of host publicationResearch in attacks, intrusions, and defenses (15th International Symposium, RAID 2012, Amsterdam, The Netherlands, September 12-14, 2012. Proceedings)
EditorsD. Balzarotti, S.J. Stolfo, M. Cova
Place of PublicationBerlin
PublisherSpringer
Pages354-373
ISBN (Print)978-3-642-33337-8
DOIs
Publication statusPublished - 2012
Eventconference; 15th International Symposium on Research in Attacks, Intrusions, and Defenses; 2012-09-12; 2012-09-14 -
Duration: 12 Sep 201214 Sep 2012

Publication series

NameLecture Notes in Computer Science
Volume7462
ISSN (Print)0302-9743

Conference

Conferenceconference; 15th International Symposium on Research in Attacks, Intrusions, and Defenses; 2012-09-12; 2012-09-14
Period12/09/1214/09/12
Other15th International Symposium on Research in Attacks, Intrusions, and Defenses

Fingerprint Dive into the research topics of 'N-gram against the machine : on the feasibility of the N-gram network analysis for binary protocols'. Together they form a unique fingerprint.

  • Cite this

    Hadziosmanovic, D., Simionato, L., Bolzoni, D., Zambon, E., & Etalle, S. (2012). N-gram against the machine : on the feasibility of the N-gram network analysis for binary protocols. In D. Balzarotti, S. J. Stolfo, & M. Cova (Eds.), Research in attacks, intrusions, and defenses (15th International Symposium, RAID 2012, Amsterdam, The Netherlands, September 12-14, 2012. Proceedings) (pp. 354-373). (Lecture Notes in Computer Science; Vol. 7462). Springer. https://doi.org/10.1007/978-3-642-33338-5_18