AEGIS: A Proactive Methodology to Shield against Zero-Day Exploits

Given the large number of vulnerability instances disclosed in various bug-tracking communities, system administrators face an up-hill task of protecting their system/ network against zero-day exploits. In order to safeguard against such exploits, the present challenges come in two-fold: (i) there exists a compelling need to assimilate configuration specific vulnerability information from various bug-tracking diaspora; also (ii) there is a need to proactively generate policy specific signatures which act as a first line of defense. In this paper we propose an automated approach for determining vulnerabilities pertinent to the current network/ system configuration using the information aggregated from different bug tracking communities. Such vulnerability assessment and indication mechanisms significantly alleviate the system administrator¿s burden of manual content digging for vulnerabilities in his own configuration context. Furthermore, we propose an Extensible Defense Oriented Representation Schema (EDORS) for vulnerability representation, which is subsequently used by the policy engine to generate appropriate signatures. As a result, the generated signatures can be viewed as a preventive interim security measure against recently published threats until its patch is released. We have also evaluated our framework through a series of experiments.