Compatibility Mode

1. Attackers may be actively attempting to evade a detection system. We assume that an employee has developed a webserver that listens on TCP port 80. However, this webserver is vulnerable to an attack. If an HTTP request contains a string of “ATTACK” (case sensitive), the webserver will be exploited. An example is illustrated as follows:

IP Header TCP Header GET ATTACK [login to view URL]

You have designed a signature-based (a.k.a., misuse) intrusion detection system, which will raise an alert if it finds “ATTACK” in one TCP packet.

a. How can an attacker successfully launch attacks while evading your detection system? (5 Points)

b. How can you modify your detection algorithm to counteract?

2. Collecting benign samples to train a model for anomaly detection is usually very expensive. Let us assume Alice and Bob achieve the identical detection rates and false positive rates. The following figure plots how the size (e.g., memory consumption) of the model (y-axis, used to profile the benign behaviors) grows as we use more benign samples (x-axis) to train the model. Which system do you prefer according to the figure? Give two reasons. (dotted-Alice, line-Bob)

Skills: Computer Security, Network Security, Internet Security, Software Testing, Engineering


About the employer:
( 0 reviews ) Fairborn, United States

Project ID: #22455539
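
For question 1, an added example (not part of the original posting) that compares the per-packet check described there with a matcher that keeps per-flow state, so the signature is still found when it spans TCP segment boundaries or when segments arrive out of order. The flow ids, relative sequence numbers and payloads are constructed sample data, and `StreamMatcher` is a hypothetical name.

```python
from collections import defaultdict

SIGNATURE = b"ATTACK"  # case-sensitive signature from question 1

# Constructed sample traffic: (flow id, relative TCP sequence number, payload).
# Assumption: seq 0 is the first payload byte of each flow.
PACKETS = [
    ("A", 0, b"GET /ATTACK HTTP/1.1\r\n\r\n"),   # signature inside one segment
    ("B", 0, b"GET /ATT"),                        # signature spans two segments
    ("B", 8, b"ACK HTTP/1.1\r\n\r\n"),
    ("C", 7, b"TACK HTTP/1.1\r\n\r\n"),           # later segment arrives first
    ("C", 0, b"GET /AT"),
    ("D", 0, b"GET /attack HTTP/1.1\r\n\r\n"),   # lowercase: not the signature
]


def per_packet_alerts(packets):
    """The design in the question: alert only if a single payload matches."""
    return sorted({flow for flow, _seq, data in packets if SIGNATURE in data})


class StreamMatcher:
    """Scans each flow's bytes in sequence order, carrying the last
    len(signature) - 1 bytes forward so a match may span segments."""

    def __init__(self, signature=SIGNATURE):
        self.sig = signature
        self.next_seq = defaultdict(int)   # flow -> next expected sequence number
        self.pending = defaultdict(dict)   # flow -> {seq: payload} held out of order
        self.tail = defaultdict(bytes)     # flow -> bytes carried to the next segment

    def feed(self, flow, seq, data):
        """Return True if this segment completes the signature in its flow."""
        if seq < self.next_seq[flow]:
            return False  # bytes already scanned; overlapping rewrites not handled
        self.pending[flow][seq] = data
        hit = False
        while self.next_seq[flow] in self.pending[flow]:
            chunk = self.pending[flow].pop(self.next_seq[flow])
            self.next_seq[flow] += len(chunk)
            window = self.tail[flow] + chunk
            hit = hit or self.sig in window
            self.tail[flow] = window[-(len(self.sig) - 1):]
        return hit


def stream_alerts(packets):
    matcher = StreamMatcher()
    return sorted({f for f, seq, data in packets if matcher.feed(f, seq, data)})
```

Calling `per_packet_alerts(PACKETS)` and `stream_alerts(PACKETS)` shows which flows each design flags; the memory cost of the stateful version is the held out-of-order segments plus five carried bytes per flow.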

Awarded to:


Hello :D Bid from Bhav

$30 USD in 1 day
(7 Reviews)

3 freelancers are bidding on average $27 for this job


Hi, I'm a security researcher from Pakistan. I have been working in CyberSecurity field for the past 2 years. Signature-based detection can be implemented easily using a traffic monitoring tool. However, the task 2

$30 USD in 1 day
(1 review)

1) ok. 2)bob. I will build my own defense server in front of your server. Hello Dear! I am a hard worker having good delivery. You will feel always gorgeous about your project's going if you hire me. EVEN super gorge

$20 USD in 2 days
(0 reviews)