Towards application classification with vulnerability signatures for IDS/IPS

  • Authors: Dhiren; Maulik; Hardik Joshi; Bhadresh K. Patel
  • Affiliations: Gujarat University; Gujarat University; Gujarat University; IPS Cyberoam, Elitecore Technology Pvt. Ltd.
  • Venue: Proceedings of the First International Conference on Security of Internet of Things
  • Year: 2012

Abstract

In today's interconnected networks, Intrusion Detection Systems (IDSs), encryption devices and firewalls are crucial in providing a complete security solution. A recent survey has indicated that around 80 percent of attacks originate in the application layer and 75 percent of attacks use exploits to take advantage of a vulnerability. In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and the vulnerability exercised by a sample exploit, instead of the semantics or syntax of the exploit itself. We show that the semantics of a vulnerability define a language which contains all and only those inputs that exploit the vulnerability. Unlike exploit-based signatures, whose error rate can only be empirically measured for known test cases, the quality of a vulnerability signature can be formally quantified over all possible inputs. We also use the vulnerability signatures to perform application classification in our IDPS system; application classification helps in better management of an organizational network. We propose a new work-flow logic for vulnerability signature creation to achieve the desired results.