Top

Researcher Bypasses IDS Using IDS Signatures

November 9, 2017

Category:

Bucharest – DefCamp 2017- Intrusion detection system (IDS) signatures can be used as an evasion technique to bypass the IDS itself, a security researcher claims.

During a presentation at the DefCamp 2017 security conference in Bucharest, Romania, Kirill Shipulin, a security researcher atPositive Technologies, explained that available IDS signatures can be turned against the system to paralyze its defenses. He also argued that compromises between performance and security can produce opportunities for bypass.

Signature-based IDS relies on discovering specific patterns for the detection of attacks, either by looking for byte sequences in network traffic, or for known malicious instruction sequences used by malware.

Read More on Security Week