Measured Features for Detecting Attacks

Discussion in 'Computer Security' started by simon, Jun 19, 2008.

  1. simon

    simon Guest

    Hi, I find that many network attacks can be detected by measuring one
    single feature. For example, the SYN Flood can be detected by counting
    the number of SYN packets sent to a destination address. The measured
    feature is the number of SYN packets.

    Is there an attack that should be detected by at least two features?
    Can anyone give me an example and the relevant features?

    Thanks a lot!

    Simon
     
    simon, Jun 19, 2008
    #1
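
The single-feature detection described in the post above (counting SYN packets sent to a destination address), as an added example that is not part of the original thread. The window length, threshold, packet tuple format and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000     # assumed measurement window (milliseconds)
SYN_THRESHOLD = 5    # assumed alert threshold, kept small for the sample data

def is_initial_syn(flags):
    """True for a connection-opening SYN: SYN set, ACK clear."""
    return "S" in flags and "A" not in flags

def detect_syn_flood(packets, window_ms=WINDOW_MS, threshold=SYN_THRESHOLD):
    """Return {dst: peak SYN count} for every destination whose SYN count
    inside a sliding window exceeds the threshold.

    packets: iterable of (timestamp_ms, src, dst, flags), sorted by time.
    """
    recent = defaultdict(deque)   # dst -> timestamps of SYNs still in window
    peaks = {}
    for ts, _src, dst, flags in packets:
        if not is_initial_syn(flags):
            continue              # SYN-ACK, ACK, etc. are not the measured feature
        q = recent[dst]
        q.append(ts)
        while ts - q[0] >= window_ms:   # expire SYNs older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[dst] = max(peaks.get(dst, 0), len(q))
    return peaks

# Constructed sample traffic (documentation address ranges).
# 192.0.2.5 receives 8 SYNs from 8 sources within 700 ms.
_flood = [(i * 100, f"198.51.100.{i + 1}", "192.0.2.5", "S") for i in range(8)]
# 192.0.2.9 sees one ordinary handshake and two later, widely spaced SYNs.
_normal = [
    (0,    "198.51.100.50", "192.0.2.9",     "S"),
    (50,   "192.0.2.9",     "198.51.100.50", "SA"),
    (90,   "198.51.100.50", "192.0.2.9",     "A"),
    (1500, "198.51.100.51", "192.0.2.9",     "S"),
    (3000, "198.51.100.52", "192.0.2.9",     "S"),
]
SAMPLE = sorted(_flood + _normal)

if __name__ == "__main__":
    for dst, count in detect_syn_flood(SAMPLE).items():
        print(f"possible SYN flood: {dst} received {count} SYNs in {WINDOW_MS} ms")
```
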

  2. You should be more accurate as to what a "feature" is, but I can give
    you two examples of attacks, which require measuring as many features as
    possible.

    1. Man in the middle (MITM) attack: A perfect MITM attack against a
    non-authenticated cryptosystem is impossible to detect. All features
    you measure only give evidence.

    2. Side channel attack: In an ideal case for the attacker, a side
    channel attack is impossible to detect. All features you measure only
    give evidence.


    Greets,
    Ertugrul.
     
    Ertugrul Söylemez, Jun 20, 2008
    #2