Generalization of Attack Signatures

Research Areas: End System Security

Principal Investigator: Saurabh Bagchi

A problem faced by signature-based intrusion detection sensors is that, as new attacks are created and as new kinds of benign traffic are observed, their signatures must be updated. Today this process is manual. Consequently, keeping signatures current is a Herculean task that involves tedious work by many security experts at the organizations that provide NIDS software. Our goal in this work is to generate signatures automatically by performing data mining on attack samples. Further, we aim to create generalized signatures; "generalized" means that the signatures will match some zero-day attacks as well, not just the attack samples on which they were trained.


Other Faculty: Alan Qi

Students: Chris Gutierrez, Fahad Arshad, Jeffrey Avery

Representative Publications

Keywords: generalization, intrusion detection signatures, machine learning, phishing attack, zero-day attacks
