Algorithms on strings, trees, and sequences: computer science and computational biology
Algorithms on strings, trees, and sequences: computer science and computational biology
A Space-Economical Suffix Tree Construction Algorithm
Journal of the ACM (JACM)
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Honeypots: Tracking Hackers
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Fast payload-based flow estimation for traffic monitoring and network security
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
Proceedings of the 12th ACM conference on Computer and communications security
Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Profiling self-propagating worms via behavioral footprinting
Proceedings of the 4th ACM workshop on Recurring malcode
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Computer Networks: The International Journal of Computer and Telecommunications Networking
Sweeper: a lightweight end-to-end system for defending against fast worms
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Triage: diagnosing production run failures at the user's site
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
A new approach to decreasing the false network attack alarms
DNCOCO'07 Proceedings of the 9th WSEAS International Conference on Data Networks, Communications, Computers
Detecting worm variants using machine learning
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Network Traffic Classification by Common Subsequence Finding
ICCS '08 Proceedings of the 8th international conference on Computational Science, Part I
Fast and Black-box Exploit Detection and Signature Generation for Commodity Software
ACM Transactions on Information and System Security (TISSEC)
DDoS attacks detection model and its application
WSEAS Transactions on Computers
An evaluation of connection characteristics for separating network attacks
International Journal of Security and Networks
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
Robust signatures for kernel data structures
Proceedings of the 16th ACM conference on Computer and communications security
Automatic Generation of String Signatures for Malware Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Thwarting zero-day polymorphic worms with network-level length-based signature generation
IEEE/ACM Transactions on Networking (TON)
An automated signature generation approach for polymorphic worm based on color coding
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Uncovering social spammers: social honeypots + machine learning
Proceedings of the 33rd international ACM SIGIR conference on Research and development in information retrieval
JACKSTRAWS: picking command and control connections from bot traffic
SEC'11 Proceedings of the 20th USENIX conference on Security
Frankenstein: stitching malware from benign binaries
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Defending against internet worms using honeyfarm
Proceedings of the CUBE International Information Technology Conference
Towards automatic assembly of privacy-preserved intrusion signatures
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
AUDIO: an integrity auditing framework of outlier-mining-as-a-service systems
ECML PKDD'12 Proceedings of the 2012 European conference on Machine Learning and Knowledge Discovery in Databases - Volume Part II
Bot detection evasion: a case study on local-host alert correlation bot detection methods
Security and Communication Networks
Automated signature extraction for high volume attacks
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
| Hi-index | 0.00 |
This paper describes a system for automated generation of attack signatures for network intrusion detection systems. Our system applies pattern-matching techniques and protocol conformance checks on multiple levels in the protocol hierarchy to network traffic captured a honeypot system. We present results of running the system on an unprotected cable modem connection for 24 hours. The system successfully created precise traffic signatures that otherwise would have required the skills and time of a security officer to inspect the traffic manually.