Generalization of Attack Signatures
Principal Investigator: Saurabh Bagchi
Signature-based intrusion detection sensors face a recurring problem: as new attacks appear and new kinds of benign traffic are observed, their signatures must be updated. Today this process is manual, so keeping signatures current is a Herculean task involving tedious work by many security experts at the organizations that provide NIDS software. Our goal in this work is to generate signatures automatically by data mining attack samples. Further, we aim to create generalized signatures: "generalized" means a signature can match some zero-day attacks as well, not only the attack samples it was trained on.
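As an added illustration of what "generalized" means here (example code written for this page, not the project's pSigene implementation), the block below mines a handful of constructed SQL injection samples into an abstract signature and compares it with an exact-match signature on unseen variants and on benign input; the tokenization, keyword list and support threshold are assumptions, not the project's method.

```python
import re
from collections import Counter

# Constructed training samples of one SQL injection family (tautology + comment),
# standing in for the attack samples a signature generator would mine.
TRAIN = ["' OR 1=1 --", "' OR 2=2 --", '" OR 10=10 --',
         "' or 'a'='a' --", "' OR 'b'='b' --"]
HELD_OUT = ["' OR 7=7 --", "' or 'x'='x'--"]             # unseen variants (zero-day stand-ins)
BENIGN = ["O'Reilly", "1 or 2 tickets", "it's 5 or 6 --"]  # must not match
KEYWORDS = {"or", "and", "select", "union", "from", "where"}  # assumed keyword list

def specific_signature(samples):
    """Baseline: an exact-match alternation of the literal training samples."""
    return re.compile("|".join(re.escape(s) for s in samples), re.IGNORECASE)

def generalize(sample):
    """Abstract one sample: keep SQL keywords and operators literally; replace
    quote characters, numbers, identifiers and whitespace with character classes."""
    out = []
    for tok in re.findall(r"\w+|\s+|\S", sample):
        if tok.isspace():
            out.append(r"\s*")
        elif tok.isdigit():
            out.append(r"\d+")
        elif tok in ("'", '"'):
            out.append(r"['\"]")
        elif tok.lower() in KEYWORDS:
            out.append(re.escape(tok.lower()))
        elif tok.isalnum():
            out.append(r"\w+")
        else:
            out.append(re.escape(tok))
    return "".join(out)

def generalized_signature(samples, min_support=2):
    """Mining step: abstract every sample and keep the abstract patterns that
    recur in at least min_support samples, so one-off quirks do not become rules."""
    support = Counter(generalize(s) for s in samples)
    frequent = [p for p, c in support.items() if c >= min_support]
    return re.compile("|".join(frequent), re.IGNORECASE)

def matches(signature, inputs):
    """True/False per input, for measuring coverage and false positives."""
    return [signature.search(x) is not None for x in inputs]

if __name__ == "__main__":
    for name, sig in (("specific", specific_signature(TRAIN)),
                      ("generalized", generalized_signature(TRAIN))):
        print(name, "train:", matches(sig, TRAIN), "held-out:", matches(sig, HELD_OUT),
              "benign:", matches(sig, BENIGN))
```

The exact-match signature covers only the training samples, while the mined signature also matches the held-out variants without matching the benign strings; a real generator would need a far larger benign corpus to bound the false-positive rate.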
Other Faculty: Alan Qi
Students: Chris Gutierrez, Fahad Arshad, Jeffrey Avery
Publication: “pSigene: Webcrawling to Generalize SQL Injection Signatures,” Gaspar Modelo-Howard, Fahad A. Arshad, Christopher Gutierrez, and Saurabh Bagchi, at the 44th Annual IEEE/IFIP International Symposium on Dependable Systems and Networks (DSN), June 23-26, 2014.
Keywords: generalization, intrusion detection signatures, machine learning, phishing attack, zero-day attacks