Research in systems that automatically generate signatures to filter out zero-day worm instances at perimeter defense has received a lot of attention recently. While a well-known problem with these systems is that the signatures generated are usually not very useful against polymorphic worms, we shall in this paper investigate a different, and potentially more serious, problem facing automatic signature generation systems: attacks that manipulate the signature generation system and turn it into an active agent for a DoS attack against the protected system. We call this new attack the “allergy attack”. This type of attack should be anticipated and has in fact been an issue in the context of “detraining” in machine learning. However, we have not seen a demonstration of its practical impact in real intrusion detection/prevention systems. In this paper, we shall demonstrate the practical impact of “allergy attacks”.