FRIDA - Fundo Regional para a Inovação Digital na América Latina e Caribe
On the Timely Detection of Mimicry Attacks
Proposing Organization: Tecnológico de Monterrey, Campus Estado de México
Project Leader: Raúl Monroy Borja
Year: 2005
Country: Mexico
Investment: 11.670

Description

Computer security is a major concern for e-business. Users are reluctant to deliver confidential information over an insecure, vulnerable network. Computer crimes, such as user impersonation or unauthorised use of information, have already resulted in countless losses. Intrusion detection is concerned with the timely discovery of any activity that jeopardises the integrity, availability or the confidentiality of an IT system.

It amounts to detecting a known pattern of computer misuse, a deviation from ordinary expected behaviour, or a combination thereof. Regardless of which approach is adopted, current Intrusion Detection Systems (IDSs) are easy to bypass using a mimicry attack. A mimicry attack is a variant of an attack which aims to masquerade as normal behaviour.

A mimicry attack is built out of the original attack using any conceivable transformation, provided that harmfulness is not lost. This research rests upon the conjecture that a high-level explanation of a computer attack is the key to successfully detecting any of its variants. Our hypothesis is that abstraction, together with a word network, can account for an interesting class of mimicry attacks, widening the level of coverage in mimicry attack detection. We aim to build a method for uncovering a wider range of mimicry attacks.

 

 
