CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University

Generalization of Attack Signatures

Research Areas: End System Security

Principal Investigator: Saurabh Bagchi

A problem faced by signature-based intrusion detection sensors is that signatures need to be updated as new attacks are created and as new kinds of benign traffic are observed. The current approach to this process is manual. Consequently, keeping signatures updated is a Herculean task that involves tedious work by many security experts at the organizations that provide the NIDS software. Our goal in this work is to generate signatures automatically by performing data mining on attack samples. Further, we aim to create generalized signatures; "generalized" implies that the signatures will be able to match some zero-day attacks as well, not just the attack samples they have been trained on.

Personnel

Other Faculty: Alan Qi

Students: Chris Gutierrez, Fahad Arshad, Jeffrey Avery

Representative Publications

Keywords: generalization, intrusion detection signatures, machine learning, phishing attack, zero-day attacks