CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Signatures, Heuristics and Behavior Blocking

Sarah Merrion - Symantec

Feb 18, 2004


Blended threats, which use combinations of malicious code to transmit and
spread attacks, are increasing and are among the most important trends to
watch and guard against in 2004. By using multiple techniques, blended
threats can spread to large numbers of hosts, causing rapid and widespread
damage, as evidenced by the examples seen in August, 2003. Today's
protection to these threats rely heavily on reactive technologies rather an
a proactive mitigation approach. This presentation will look at three
technologies for detecting malicious code: signature based detection
(fingerprinting), heuristics, and behavior blocking as solutions to address
these threats. We'll discuss where technology is headed and how to optimize
protection for the fast spreading threats of the future.

About the Speaker

Sarah Merrion is a Principal Security Consultant at Symantec Corporation.
She received her MS in Telecommunications from DePaul University in 2002
and has been working in the information security field for over 7 years.
Sarah specializes in developing comprehensive security solutions around the
threats of malicious code.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.