DocumentCode
3349136
Title
Nebula - generating syntactical network intrusion signatures
Author
Werner, Tillmann ; Fuchs, Christoph ; Gerhards-Padilla, Elmar ; Martini, Peter
Author_Institution
Univ. of Bonn, Bonn, Germany
fYear
2009
fDate
13-14 Oct. 2009
Firstpage
31
Lastpage
38
Abstract
Signature-based intrusion detection is a state-of-the-art technology for identifying malicious activity in networks. However, attack trends change very fast nowadays, making it impossible to keep up with manual signature engineering. This paper describes a novel concept for automatic signature generation based on efficient autonomous attack classification. Signatures are constructed for each class from syntactical commonalities and go beyond a single, contiguous substring. Each part of a signature is combined with positional information, which drastically improves signature accuracy and matching performance. We argue that a general description of zero-day attacks is immanently restricted to syntactical features and outline how valid signatures for novel real-world attacks were successfully generated.
Keywords
computer network security; Nebula; automatic signature generation; autonomous attack classification; malicious activity identification; positional information; signature accuracy; signature matching; signature-based intrusion detection; syntactical network intrusion signatures; Algorithm design and analysis; Clustering algorithms; Feature extraction; Guidelines; Intrusion detection; Pattern matching; Production; Protection; Security; Telecommunication traffic;
fLanguage
English
Publisher
IEEE
Conference_Titel
Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
Conference_Location
Montreal, QC
Print_ISBN
978-1-4244-5786-1
Type
conf
DOI
10.1109/MALWARE.2009.5403022
Filename
5403022