DESIGN AND IMPLEMENTATION OF PROTOCOL SCRUBBING: NETWORK SECURITY THROUGH TRANSPARENT FLOW MODIFICATION

ABSTRACT
This project describes the design and implementation of protocol scrubbers. Protocol scrubbers are transparent, interposed mechanisms for explicitly removing network scans and attacks at various protocol layers. The transport scrubber supports downstream passive network-based intrusion detection systems by converting ambiguous network flows into well-behaved flows that are unequivocally interpreted by all downstream endpoints. The fingerprint scrubber restricts an attacker's ability to determine the operating system of a protected host. As an example, this paper presents the implementation of a TCP scrubber that eliminates insertion and evasion attacks--attacks that use ambiguities to subvert detection--on passive network-based intrusion detection systems, while preserving high performance. The TCP scrubber is based on a novel, simplified state machine that performs in a fast and scalable manner. The fingerprint scrubber is built upon the TCP scrubber and removes additional ambiguities from flows that can reveal implementation-specific details about a host's operating system.

TABLE OF CONTENTS TITLE PAGE CERTIFICATION DEDICATION ACKNOWLEDGEMENT ABSTRACT TABLE OF CONTENTS 
CHAPTER ONE INTRODUCTION 1.1STATEMENT OF PROBLEM 1.2AIMS AND OBJECTIVE 1.3PURPOSE OF STUDY 1.4AIMS AND OBJECTIVES OF STUDY 1.5SCOPE OF THE STUDY 1.6LIMITATION OF THE STUDY 1.7DEFINITION OF TERMS
CHAPTER TWO 2.0LITERATURE REVIEW
CHAPTER THREE METHODOLOGY FOR FACT FINDING AND DETAILED DISCUSSION OF THE SUBJECT MATTER
CHAPTER FOUR THE FUTURE, IMPLICATIONS AND CHALLENGES OF THE SUBJECT MATTER FOR THE SOCIETY
CHAPTER FIVE SUMMARY, RECOMMENDATION AND CONCLUSION REFERENCES