Wisconsin Alumni Research Foundation

Information Technology
Systems and Methods for Testing and Evaluating a Network Intrusion Detection System
WARF: P04220US

Inventors: Somesh Jha, Shai Rubin, Barton Miller

The Wisconsin Alumni Research Foundation (WARF) is seeking commercial partners interested in developing a powerful and systematic means of testing a NIDS or other intrusion detection system.
Overview
Network intrusion detection systems (NIDS) alert a system administrator each time an intruder attempts to penetrate the network. A signature-based NIDS (see WARF reference number P05038US) uses a table of malicious signatures to define what counts as a penetration attempt. If ongoing network activity matches a signature in the table, an alarm is generated. However, a signature-based NIDS is unable to recognize an attack that differs even slightly from the signature it uses.
The Invention
UW-Madison researchers have developed a method for determining if a set of signatures provided to an intrusion detection system for a given attack is sufficient to detect all possible modifications of that attack. They developed a formal set of transformation rules that represent mutations that might be used to disguise an attack. These rules can be applied in any combination to a known attack instance to generate variations on the attack. The variations can then be input to a NIDS for testing. Failure of the NIDS to detect an attack instance indicates a vulnerability in the system.
Applications
  • Testing network intrusion detection systems
Key Benefits
  • Provides a powerful and systematic means of testing a NIDS or other intrusion detection system
  • Allows the system administrator to modify a NIDS or set of signatures based on testing results so the system will detect additional attacks
Additional Information
For current licensing status, please contact Emily Bauer at 608-960-9842.
