Sciweavers

Share
ACSAC
2007
IEEE

Improving Signature Testing through Dynamic Data Flow Analysis

9 years 1 months ago
Improving Signature Testing through Dynamic Data Flow Analysis
The effectiveness and precision of network-based intrusion detection signatures can be evaluated either by direct analysis of the signatures (if they are available) or by using black-box testing (if the system is closed-source). Recently, several techniques have been proposed to generate test cases by automatically deriving variations (or mutations) of attacks. Even though these techniques have been useful in identifying “blind spots” in the signatures of closed-source, network-based intrusion detection systems, the generation of test cases is performed in a random, unguided fashion. The reason is that there is no information available about the signatures to be tested. As a result, identifying a test case that is able to evade detection is difficult. In this paper, we propose a novel approach to drive the generation of test cases by using the information gathered by analyzing the dynamic behavior of the intrusion detection system. Our approach applies dynamic data flow analysis...
Christopher Kruegel, Davide Balzarotti, William K.
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ACSAC
Authors Christopher Kruegel, Davide Balzarotti, William K. Robertson, Giovanni Vigna
Comments (0)
books