
Stateful Protocol Analysis IDPS
Group 3

TABLE OF CONTENTS

01 Defines and characteristics
02 Operation
03 Restriction

01 Defines and characteristics

Leader: Nguyễn Tài Phúc
Slide: Nguyễn Kim Trọng
Trần Văn Sáng (Present)
Nguyễn Đức Thịnh
Đào Hữu Quý
Nguyễn Văn Việt
Nguyễn Xuân Tiến

Defines

SPA is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol

A firewalling capability that improves upon standard stateful inspection by adding basic intrusion detection technology

This technology compares vendor-developed profiles of benign protocol activity against observed events to identify deviations

Characteristics

Keep track of and record the authenticator
Identify unexpected sequences of commands
Reasonableness checks for individual commands

02 Operation of SPA

Lưu Văn Tùng (Present)
Phạm Đức Thiện
Mai Thị Tâm
Lê Mạnh Thành
Vũ Hoàng Yến

Operation

Essentially, IDPS knows how a protocol, such as FTP, is supposed to work and can therefore detect unusual behavior

Storing relevant data detected in a session and then using that data to identify intrusions that involve multiple requests and responses

SPA closely examines packets at the application layer for information that indicates a possible intrusion.

Examine authentication sessions for suspicious activity as well as for attacks that incorporate unexpected sequences of commands

Proprietary protocols are not published in sufficient detail to enable the IDPS to provide accurate and comprehensive assessments.
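
The operation described above, as an added example that is not part of the original slides: a minimal stateful analyzer for an FTP control channel that stores session data (state and authenticator), flags unexpected command sequences, and applies a reasonableness check to each command. The state names, the pre-login command set, the 255-byte argument limit and the sample session are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PRE_AUTH_OK = {"USER", "PASS", "QUIT", "FEAT", "AUTH"}  # assumed pre-login set
MAX_ARG_LEN = 255                                       # assumed sanity bound

@dataclass
class FtpSession:
    state: str = "NEW"   # NEW -> USER_SENT -> PASS_SENT -> AUTHENTICATED
    user: str = ""       # authenticator recorded for the session
    alerts: list = field(default_factory=list)

    def _alert(self, msg):
        self.alerts.append(f"{msg} (user={self.user!r})")

    def client(self, line):
        """Check one client command against the expected protocol state."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if len(arg) > MAX_ARG_LEN:  # reasonableness check on a single command
            self._alert(f"{cmd} argument is {len(arg)} bytes")
        if cmd == "USER":
            self.user, self.state = arg, "USER_SENT"
        elif cmd == "PASS":
            if self.state != "USER_SENT":
                self._alert("PASS without preceding USER")
            self.state = "PASS_SENT"
        elif self.state != "AUTHENTICATED" and cmd not in PRE_AUTH_OK:
            self._alert(f"{cmd} issued before authentication")

    def server(self, line):
        """Advance the session state from the server's reply code."""
        if line.startswith("230"):      # login successful
            self.state = "AUTHENTICATED"
        elif line.startswith("530"):    # login rejected
            self.state = "NEW"

def analyze(events):
    """Replay (direction, line) pairs; 'C' = client, 'S' = server."""
    session = FtpSession()
    for direction, line in events:
        (session.client if direction == "C" else session.server)(line)
    return session

SAMPLE = [  # constructed session, not a real capture
    ("C", "USER alice"), ("S", "331 Password required"),
    ("C", "RETR secret.txt"),              # file command before login completes
    ("C", "PASS hunter2"), ("S", "230 Logged in"),
    ("C", "CWD " + "A" * 400),             # over-long argument
    ("C", "LIST"),
]
```

Calling analyze(SAMPLE) returns the session with two alerts, each tagged with the recorded authenticator.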

03 Restriction of SPA

Phạm Minh Quang (Present)
Vũ Thanh Thủy
Lã Văn Tuấn
Phan Thi Hồng Nhung
Nguyễn Ngọc Sơn

Restriction

The analytical complexity of session-based assessments

IDPS method may completely fail to detect an intrusion in some cases

IDPS may in fact interfere with the normal operations of the protocol it’s examining

THANKS!
