ACM Transactions on Information and System Security (TISSEC)
In today's interconnected networks, Intrusion Detection Systems (IDSs), encryption devices and firewalls are crucial in providing a complete security solution. A recent survey has indicated that around 80 percent of attacks originate in the application layer and 75 percent of the attacks use exploits to take advantage of a vulnerability. In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and the vulnerability exercised by a sample exploit, instead of the semantics or syntax of the exploit itself. We show that the semantics of a vulnerability define a language which contains all and only those inputs that exploit the vulnerability. Unlike exploit-based signatures, whose error rate can only be empirically measured for known test cases, the quality of a vulnerability signature can be formally quantified for all possible inputs. We also use the vulnerability signatures to perform application classification in our IDPS system. Application classification helps in better management of an organizational network. We propose new work-flow logic for vulnerability signature creation to achieve the desired results.
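The contrast the abstract draws between exploit-based and vulnerability-based signatures can be seen on a small case. The following is an added example, not code from the paper: the record format, the 64-byte buffer, the record types and all function names are constructed assumptions.

```python
import struct

# Assumed toy format: 1-byte type, 2-byte big-endian length, then payload.
# Assumed flaw: the handler for type 0x01 copies `length` bytes into a
# 64-byte buffer without a bounds check.
BUF_SIZE = 64
VULN_TYPE = 0x01
EXPLOIT_PATTERN = b"AAAAAAAA"  # bytes lifted from the one captured sample

def make_record(rtype, payload):
    """Build a constructed record for the toy format."""
    return struct.pack(">BH", rtype, len(payload)) + payload

def exploit_signature(data):
    """Exploit-based: match byte content seen in the sample exploit."""
    return EXPLOIT_PATTERN in data

def vulnerability_signature(data):
    """Vulnerability-based: parse the record and test the condition
    under which the assumed handler overflows its buffer."""
    if len(data) < 3:
        return False
    rtype, length = struct.unpack(">BH", data[:3])
    return rtype == VULN_TYPE and length > BUF_SIZE

def evaluate(signature, samples):
    """Return (false_negatives, false_positives) over labelled samples."""
    fn = sum(1 for data, bad in samples if bad and not signature(data))
    fp = sum(1 for data, bad in samples if not bad and signature(data))
    return fn, fp

# Constructed samples: (record bytes, triggers the overflow?)
SAMPLES = [
    (make_record(0x01, b"A" * 200), True),         # the captured sample
    (make_record(0x01, bytes(range(200))), True),  # variant, different filler
    (make_record(0x01, b"\x00" * 65), True),       # smallest overflowing input
    (make_record(0x01, b"AAAAAAAA"), False),       # in bounds, contains pattern
    (make_record(0x02, b"B" * 200), False),        # other type, assumed safe
]

if __name__ == "__main__":
    print("exploit-based (FN, FP):", evaluate(exploit_signature, SAMPLES))
    print("vulnerability-based (FN, FP):", evaluate(vulnerability_signature, SAMPLES))
```

The byte-pattern signature misses both variants and flags the benign record, while the parsed condition classifies every sample correctly because it describes the input language that reaches the flaw rather than one exploit's bytes.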