Posted by Ertugrul on June 20, 2008, 6:50 am
> Hi, I find that many network attacks can be detected by measuring one
> single feature. For example, the SYN Flood can be detected by counting
> the number of SYN packets sent to a destination address. The measured
> feature is the number of SYN packets.
>
> Is there an attack that should be detected by at least two features?
> Can anyone give me an example and the relevant features?
You should be more accurate as to what a "feature" is, but I can give
you two examples of attacks, which require measuring as many features as
possible.
1. Man in the middle (MITM) attack: A perfect MITM attack against a
non-authenticated cryptosystem is impossible to detect. All features
you measure only give evidence.
2. Side channel attack: In an ideal case for the attacker, a side
channel attack is impossible to detect. All features you measure only
give evidence.
Greets,
Ertugrul.
--
http://ertes.de/
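
The single-feature detection described in the quoted question (counting SYN packets sent to a destination address), as an added example that is not part of the original thread. The window length, threshold, packet tuple layout and sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000     # assumed sliding-window length in milliseconds
SYN_THRESHOLD = 5    # assumed limit: SYNs per window per destination


def detect_syn_flood(packets, window=WINDOW_MS, threshold=SYN_THRESHOLD):
    """Return {dst: time_of_first_alert} for destinations whose SYN count
    inside a sliding window exceeds the threshold.

    packets: iterable of (ts_ms, src, dst, flags), sorted by ts_ms.
    Only initial SYNs (SYN set, ACK clear) are counted, so a busy client
    receiving many SYN-ACK replies is not mistaken for a flood target.
    """
    recent = defaultdict(deque)   # dst -> timestamps of SYNs still in window
    alerts = {}
    for ts, _src, dst, flags in packets:
        if "S" not in flags or "A" in flags:
            continue
        q = recent[dst]
        q.append(ts)
        # Evict SYNs older than the window ending at this packet.
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and dst not in alerts:
            alerts[dst] = ts
    return alerts


def build_sample():
    """Constructed sample traffic using documentation address ranges."""
    pkts = []
    for i in range(10):
        # Burst: 10 SYNs to one destination within 450 ms, varying sources.
        pkts.append((10000 + i * 50, f"198.51.100.{i + 1}", "192.0.2.10", "S"))
        # Slow, ordinary connection attempts: one SYN every 2 seconds.
        pkts.append((10000 + i * 2000, "203.0.113.5", "192.0.2.20", "S"))
        # SYN-ACK replies arriving at a busy client; must not be counted.
        pkts.append((10005 + i * 50, f"192.0.2.{30 + i}", "203.0.113.5", "SA"))
    return sorted(pkts)


if __name__ == "__main__":
    for dst, ts in detect_syn_flood(build_sample()).items():
        print(f"SYN count for {dst} exceeded {SYN_THRESHOLD} at t={ts} ms")
```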