Title : 
Nebula - generating syntactical network intrusion signatures
         
        
            Author : 
Werner, Tillmann ; Fuchs, Christoph ; Gerhards-Padilla, Elmar ; Martini, Peter
         
        
            Author_Institution : 
Univ. of Bonn, Bonn, Germany
         
        
        
        
        
        
            Abstract : 
Signature-based intrusion detection is a state-of-the-art technology for identifying malicious activity in networks. However, attack trends change very fast nowadays, making it impossible to keep up with manual signature engineering. This paper describes a novel concept for automatic signature generation based on efficient autonomous attack classification. Signatures are constructed for each class from syntactical commonalities and go beyond a single, contiguous substring. Each part of a signature is combined with positional information, which drastically improves signature accuracy and matching performance. We argue that a general description of zero-day attacks is immanently restricted to syntactical features and outline how valid signatures for novel real-world attacks were successfully generated.
         
        
            Keywords : 
computer network security; Nebula; automatic signature generation; autonomous attack classification; malicious activity identification; positional information; signature accuracy; signature matching; signature-based intrusion detection; syntactical network intrusion signatures; Algorithm design and analysis; Clustering algorithms; Feature extraction; Guidelines; Intrusion detection; Pattern matching; Production; Protection; Security; Telecommunication traffic;
         
        
        
        
            Conference_Title : 
Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
         
        
            Conference_Location : 
Montreal, QC
         
        
            Print_ISBN : 
978-1-4244-5786-1
         
        
        
            DOI : 
10.1109/MALWARE.2009.5403022