首页 | 本学科首页   官方微博 | 高级检索  
     


Analysis of update delays in signature-based network intrusion detection systems
Authors:Hugo Gascon  Agustin Orfila  Jorge Blasco[Author vitae]
Affiliation:Department of Computer Science, Carlos III University of Madrid, Avenida de la Universidad 30, Leganes, Madrid 28911, Spain
Abstract:Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been studied in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. This study can be easily kept up to date due to the methodology used.
Keywords:Intrusion detection   Vulnerability   Signature update   Exploit   Patch   NIDS   VDS   Snort   Nessus
本文献已被 ScienceDirect 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号