Polymorphic attack feature validation: bridging the gap between intrusion detection and evolving threats
Date
2024-08-01
Abstract
This project focuses on enhancing the detection of polymorphic attacks, which can evade traditional Intrusion Detection Systems (IDS) by changing their form with each attack. While IDS are crucial for network security, their effectiveness diminishes against such dynamic threats. The project aims to identify key features exploited by polymorphic attacks, enabling the creation of a feature list to improve detection. Using the SlowHTTP tool for generating attack profiles and the LycoStand tool for essential feature extraction, this research seeks to develop effective mechanisms to analyze polymorphic attacks and their features, addressing the limitations of IDS in identifying these attacks.