Advanced Evasion Techniques (AETs) can successfully evade most network security devices and execute attacks on target systems. This remains a problem 20 years after the disclosure of evasion techniques and of how they can be used to bypass network security. Network security solutions, such as Intrusion Detection and Prevention Systems (IDPS), still struggle and are vulnerable to most of the evasion techniques identified in 1998.
In this thesis, a systematic analysis of advanced evasion techniques (AETs) is presented in the first two phases. Based on the results of the analysis, new mitigation methods against AETs are proposed in the third phase. Four experiments were executed in each of three different phases, using advanced evasion techniques to mask the attack. The aim of the analysis was first to recognize which combinations of evasions are most effective and which individual evasion techniques are effective on their own. The final phase was to implement the proposed mitigation methods and test the results.
The results of the analysis showed that 4-6 % of AETs can successfully mask attacks and bypass one of the most modern and up-to-date network security solutions. The proposed mitigation methods normalize traffic much better and improve the results significantly. In many cases 100 % of attack techniques were mitigated, and some particular techniques exploiting protocol headers were also mitigated completely. Nonetheless, when evasion techniques are used in complex combinations, the results become concerning, and it is important to note that the danger from AETs may still persist.