Execution Trace-Driven Automated Attack Signature Generation

In its most general form, an attack signature is a program that can correctly determine if an input network packet sequence can successfully attack a protected network application. Filter rules used in firewall and network intrusion prevention systems (NIPS) are an abstract form of attack signature. This paper presents the design, implementation, and evaluation of an automated attack signature generation system called Trag, that automatically generates an executable attack signature program from a victim program’s source and a given attack input. Trag leverages dynamic data and control dependencies to extract relevant code in the victim program, accurately identifies variable initialization statements that are not executed in the given attack, is able to generate attack signatures for multi-process network applications, and reduces the size of attack signatures by exploiting responses from victim programs. Experiments with a fully working Trag prototype show that Trag’s signatures can i...
Susanta Nanda, Tzi-cker Chiueh
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2008
Authors Susanta Nanda, Tzi-cker Chiueh