Journal ArticleDOI
Honeycomb: creating intrusion detection signatures using honeypots
Christian Kreibich, Jon Crowcroft +1 more
Vol. 34, Iss. 1, pp. 51-56
TL;DR: A system for automated generation of attack signatures for network intrusion detection systems that successfully created precise traffic signatures which would otherwise have required the skills and time of a security officer inspecting the traffic manually.
Abstract: This paper describes a system for automated generation of attack signatures for network intrusion detection systems. Our system applies pattern-matching techniques and protocol conformance checks on multiple levels in the protocol hierarchy to network traffic captured by a honeypot system. We present results of running the system on an unprotected cable modem connection for 24 hours. The system successfully created precise traffic signatures that would otherwise have required the skills and time of a security officer to inspect the traffic manually.
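As an added illustration of the approach the abstract describes, the following example code was written for this page and is not Honeycomb's own implementation. Honeycomb's pattern matching is a longest-common-substring search over the payloads of connections seen at the honeypot, implemented with suffix trees (see the Gusfield and Ukkonen references below); this example instead enumerates maximal common substrings with a plain dynamic-programming table, compares flows to the same destination port pairwise, discards any candidate that also occurs in a small benign corpus (standing in for protocol constants such as a shared request line, which a pure substring search would otherwise turn into a useless signature), and renders the survivors as Snort content rules. All payloads, the benign corpus, the byte pattern standing in for an exploit payload, the `Flow` type, the `min_len` threshold and the rule template are constructed for this example.

```python
"""Honeycomb-style signature generation: common substrings across honeypot flows.

Example code written for this page, not the Honeycomb implementation.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Flow:
    """Application-layer content of one inbound connection (constructed type)."""
    dst_port: int
    payload: bytes


# Constructed byte pattern standing in for an exploit payload; not real shellcode.
EXPLOIT_BLOB = b"\x90\x90\x90\x90\xeb\x10\x5e\x31\xc0"

# Constructed honeypot traffic: two connections carrying the same blob behind
# different filler, plus one harmless probe to the same port.
HONEYPOT_FLOWS = [
    Flow(80, b"POST /upload HTTP/1.0\r\n\r\n" + b"A" * 8 + EXPLOIT_BLOB + b"\r\n"),
    Flow(80, b"POST /upload HTTP/1.0\r\n\r\n" + b"B" * 8 + EXPLOIT_BLOB + b"\r\n"),
    Flow(80, b"GET /robots.txt HTTP/1.0\r\n\r\n"),
]

# Constructed benign corpus used to reject protocol constants as signatures.
BENIGN_PAYLOADS = [
    b"POST /upload HTTP/1.0\r\n\r\nname=alice&file=notes.txt\r\n",
    b"GET /index.html HTTP/1.0\r\n\r\n",
]


def common_substrings(a: bytes, b: bytes, min_len: int) -> set[bytes]:
    """All maximal common substrings of a and b with length >= min_len.

    O(len(a) * len(b)) dynamic programming: cur[j] is the length of the common
    suffix of a[:i] and b[:j]. A diagonal run is recorded once, at the point
    where it can no longer be extended to the right.
    """
    found: set[bytes] = set()
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                run = prev[j - 1] + 1
                cur[j] = run
                ends = i == len(a) or j == len(b) or a[i] != b[j]
                if ends and run >= min_len:
                    found.add(a[i - run:i])
        prev = cur
    return found


def generate_signatures(flows: list[Flow], benign: list[bytes],
                        min_len: int = 8) -> list[tuple[int, bytes]]:
    """Pairwise-compare flows to the same port; keep long, non-benign substrings."""
    by_port: dict[int, list[bytes]] = defaultdict(list)
    for flow in flows:
        by_port[flow.dst_port].append(flow.payload)
    signatures: list[tuple[int, bytes]] = []
    for port in sorted(by_port):
        candidates: set[bytes] = set()
        for a, b in combinations(by_port[port], 2):
            candidates |= common_substrings(a, b, min_len)
        for cand in sorted(candidates, key=len, reverse=True):
            if any(cand in p for p in benign):
                continue  # protocol framing or other benign content
            if any(cand in kept for _, kept in signatures):
                continue  # already covered by a longer signature
            signatures.append((port, cand))
    return signatures


SNORT_SPECIAL = set(b'|";:\\')  # must be hex-escaped inside content:"..."


def snort_content(data: bytes) -> str:
    """Render bytes as a Snort content string: printable text, |HEX| elsewhere."""
    parts: list[str] = []
    text: list[str] = []
    hexs: list[str] = []
    for byte in data:
        if 0x20 <= byte <= 0x7E and byte not in SNORT_SPECIAL:
            if hexs:
                parts.append("|" + " ".join(hexs) + "|")
                hexs.clear()
            text.append(chr(byte))
        else:
            if text:
                parts.append("".join(text))
                text.clear()
            hexs.append(f"{byte:02X}")
    if text:
        parts.append("".join(text))
    if hexs:
        parts.append("|" + " ".join(hexs) + "|")
    return "".join(parts)


def snort_rules(signatures: list[tuple[int, bytes]], base_sid: int = 1000001) -> list[str]:
    """One alert rule per generated signature (rule template is this example's)."""
    return [
        f'alert tcp any any -> $HOME_NET {port} (msg:"Honeycomb-style auto signature"; '
        f'flow:to_server,established; content:"{snort_content(sig)}"; sid:{base_sid + n}; rev:1;)'
        for n, (port, sig) in enumerate(signatures)
    ]


if __name__ == "__main__":
    for rule in snort_rules(generate_signatures(HONEYPOT_FLOWS, BENIGN_PAYLOADS)):
        print(rule)
```

On the constructed input the shared request line `POST /upload HTTP/1.0` and the common `HTTP/1.0` tail are found as well, but both occur in the benign corpus and are dropped; only the blob plus its trailing CRLF survives. The benign-corpus check is a stand-in for the protocol-level checks the abstract mentions: without it, any automatically mined substring is only as specific as the least interesting constant the attacking connections happen to share.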
Citations
Proceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome, Dawn Song +1 more
TL;DR: TaintCheck performs dynamic taint analysis by rewriting the binary at run time; it reliably detects most types of exploits and produced no false positives on any of the many programs tested.
Proceedings ArticleDOI
Polygraph: automatically generating signatures for polymorphic worms
TL;DR: Polygraph is a signature generation system that produces signatures matching polymorphic worms by combining multiple disjoint content substrings, which correspond to invariant protocol framing, return addresses, and poorly obfuscated code.
Proceedings Article
Autograph: toward automated, distributed worm signature detection
TL;DR: Autograph automatically generates signatures for novel Internet worms that propagate over TCP; it is designed to produce signatures with high sensitivity (high true positive rate) and high specificity (low false positive rate).
Proceedings Article
Automated worm fingerprinting
TL;DR: The initial experience suggests that, for a wide range of network pathogens, it may be practical to construct fully automated defenses - even against so-called "zero-day" epidemics.
Proceedings ArticleDOI
Uncovering social spammers: social honeypots + machine learning
TL;DR: It is found that the deployed social honeypots identify social spammers with low false positive rates and that the harvested spam data contains signals that are strongly correlated with observable profile features (e.g., content, friend information, posting patterns, etc.).
References
Book
Algorithms on Strings, Trees and Sequences: Computer Science and Computational Biology
TL;DR: The authors introduce suffix trees and their use in sequence alignment, core string edits, alignments and dynamic programming, and extensions of these core problems.
Proceedings Article
Snort - Lightweight Intrusion Detection for Networks
TL;DR: Snort provides a layer of defense that monitors network traffic for predefined suspicious activity or patterns and alerts system administrators when potentially hostile traffic is detected.
Journal ArticleDOI
Bro: a system for detecting network intruders in real-time
Vern Paxson +1 more
TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
Algorithms on strings, trees, and sequences
TL;DR: Ukkonen’s method is the method of choice for most problems requiring the construction of a suffix tree, and it will be presented first because it is easier to understand.