A script-based attack framework is a new type of cyber-attack tool written in scripting languages. It carries various attack scripts targeting vulnerabilities across different systems. It also supports fast development of new attack scripts that can even exploit zero-day vulnerabilities. Such mechanisms pose a big challenge to the defense side since traditional malware analysis cannot catch up with the emerging speed of new attack scripts. In this paper, we propose MetaSymploit, the first system of fast attack script analysis and automatic signature generation for a network Intrusion Detection System (IDS). As soon as a new attack script is developed and distributed, MetaSymploit uses security-enhanced symbolic execution to quickly analyze the script and automatically generate specific IDS signatures to defend against all possible attacks launched by this new script from Day One. We implement a prototype of MetaSymploit targeting Metasploit, the most popular penetration framework. In the experiments on 45 real attack scripts, MetaSymploit automatically generates Snort IDS rules as signatures that effectively detect the attacks launched by the 45 scripts. Furthermore, the results show that MetaSymploit substantially complements and improves existing Snort rules that are manually written by the official Snort team.