DocumentCode :
1943861
Title :
Execution Trace-Driven Automated Attack Signature Generation
Author :
Nanda, Susanta ; Chiueh, Tzi-cker
fYear :
2008
fDate :
8-12 Dec. 2008
Firstpage :
195
Lastpage :
204
Abstract :
In its most general form, an attack signature is a program that can correctly determine if an input network packet sequence can successfully attack a protected network application. Filter rules used in firewall and network intrusion prevention systems (NIPS) are an abstract form of attack signature. This paper presents the design, implementation, and evaluation of an automated attack signature generation system called Trag, which automatically generates an executable attack signature program from a victim program's source and a given attack input. Trag leverages dynamic data and control dependencies to extract relevant code in the victim program, accurately identifies variable initialization statements that are not executed in the given attack, is able to generate attack signatures for multi-process network applications, and reduces the size of attack signatures by exploiting responses from victim programs. Experiments with a fully working Trag prototype show that Trag's signatures can indeed prevent attacks against multiple production-grade vulnerable server/Web applications, such as apache, wu-ftpd and MyBulletinBoard, with up to 65% reduction in size when compared with the victim program. In terms of performance overhead, the additional latency as observed from the client-side is no more than 25 usec for multi-process Web applications, while the overall throughput remains unaffected.
Keywords :
authorisation; computer networks; digital signatures; Trag system; execution trace-driven automated attack signature generation; multiprocess network application; network attack; network packet sequence; protected network application; Application software; Automatic generation control; Automatic logic units; Computer security; Data mining; Filtering; Matched filters; Protection; Prototypes; Size control; attack signature generation; execution traces; vulnerability signatures; web application security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
ISSN :
1063-9527
Print_ISBN :
978-0-7695-3447-3
Type :
conf
DOI :
10.1109/ACSAC.2008.58
Filename :
4721557