Simplifying Signature Engineering by Reuse

Abstract. Most intrusion detection systems deployed today apply misuse detection as detection procedure. Misuse detection compares the recorded audit data with predefined patterns, i.e. signatures. A signature is usually empirically developed based on experience and expert knowledge. Methods for a systematic development are scarcely reported yet. Automated approaches to reusing design and modeling decisions of available signatures also do not exist. This induces relatively long development times for signatures causing inappropriate vulnerability windows. In this paper we present an approach for systematic signature derivation. It is based on the reuse of existing signatures to exploit similarities with existing attacks for deriving a new signature. The approach is based on an e abstraction of signatures. Based on a weighted abstraction tree it selects those signatures or signature fragments, which are similar to the novel attack. Finally, we present a practical application of the appro...
Added: 22 Aug 2010
Updated: 22 Aug 2010
Type: Conference
Year: 2006
Authors: Sebastian Schmerl, Hartmut König, Ulrich Flegel, Michael Meier