de.mpg.escidoc.pubman.appbase.FacesBean
Deutsch
 
Hilfe Wegweiser Impressum Kontakt Einloggen
  DetailsucheBrowse

Datensatz

DATENSATZ AKTIONENEXPORT

Freigegeben

Hochschulschrift

Extraction of Attack Signatures

MPG-Autoren
http://pubman.mpdl.mpg.de/cone/persons/resource/persons45112

Nenova,  Stefana
International Max Planck Research School, MPI for Informatics, Max Planck Society;

Externe Ressourcen
Es sind keine Externen Ressourcen verfügbar
Volltexte (frei zugänglich)
Es sind keine frei zugänglichen Volltexte verfügbar
Ergänzendes Material (frei zugänglich)
Es sind keine frei zugänglichen Ergänzenden Materialien verfügbar
Zitation

Nenova, S. (2007). Extraction of Attack Signatures. Master Thesis, Universität des Saarlandes, Saarbrücken.


Zitierlink: http://hdl.handle.net/11858/00-001M-0000-0027-D1A0-2
Zusammenfassung
With the advance of technology, the need for fast reaction to remote attacks gains in importance. A common practice to help detect malicious activity is to install an Intrusion Detection System. Intrusion detection systems are equipped with a set of signatures�descriptions of known intrusion attempts. They monitor traffic and use the signatures to detect intrusion attempts. To date, attack signatures are still mostly derived manually. However, to ensure the security of computer systems and data, the speed and quality of signature generation has to be improved. To help achieve the task, we propose an approach for automatic extraction of attack signatures. In contrast to the majority of the existing research in the area, we do not confine our approach to a particular type of attack. In particular, we are the first to try signature extraction for attacks resulting from misconfigured security policies. Whereas the majority of existing approaches rely on statistical methods and require many attack instances in order to launch the signature generation mechanism, we use experimentation and need only a single attack instance. For experimentation, we combine an existing framework for capture and replay of system calls with an appropriate minimization algorithm. We propose three minimization algorithms: Delta Debugging, Binary Debugging and Consecutive Binary Debugging. We evaluate the performance of the different algorithms and test our approach with an example program. In all test cases, our application successfully extracts the attack signature. Our current results suggest that this is a promising approach that can help us defend better and faster against unknown attacks.