Evasion Techniques Efficiency over the IPS/IDS Technology

Abstract

Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) are the first line of the defense of cyber-environment. This technology is made for capturing and preventing breaches and attacks. Evading of an IPS/IDS system creates a large gap in cyber-security. This research examines seven common evasion techniques and success rates of these over the IPS/IDS system. These techniques are TTL evasion, fragmentation with MTU modification evasion, tampering time - agent name and port name evasion, encoding and obfuscation evasion, bad checksum evasion, file header manipulation evasion, file and path change evasion. The last version of Snort IPS/IDS system was used to test attacks and evasion techniques. The whole attack and evasion dataset created by contemporary attack techniques during the research. Test results demonstrate that the IPS/IDS system can be bypassed with evasion techniques. © 2019 IEEE.