Student Abstracts: Computer Science at INEEL
Software to Detect Interactive Traffic in Real-time.
ALEXANDER WITHERS (Gonzaga University, Spokane, WA 99258) LIZ FAULTERSACK
(Idaho National Engineering and Environmental Laboratory, Idaho Falls, ID
83415).
One goal of intrusion detection systems is to find backdoors, both those being
placed on systems and those placed previously. The usual method for finding
these backdoors is to look at the content of the traffic. A paper recently
published by V. Paxson and Y. Zhang, entitled "Detecting Backdoors",
lays out some general algorithms for determining whether traffic is interactive.
Software was written that implements these algorithms as a Snort preprocessor.
The software can be used to find backdoors by looking for TCP connections that
are both interactive and uncharacteristic of the network.