Packet Space Analysis of Intrusion Detection Signatures

• A single packet can trigger more than one IDS signature Different signatures may include/intersect each other • These problems can be used to design evasion/denial of service attacks IDSs can raise a limited number of events on a single packet (some signatures are not triggered) Dangerous overlap in the signature sets (a specific packet can be used to… (More)