An Algorithm for Generation of Attack Signatures Based on Sequences Alignment

Authors: Nan Li, Chunhe Xia, Yi Yang, Haiquan Wang

DOI: 10.1109/CSSE.2008.555

Abstract: This paper presents a new algorithm for generation of attack signatures based on sequence alignment. The algorithm is composed of two parts: a local alignment algorithm, GASBSLA (Generation of Attack Signatures Based on Sequence Local Alignment), and a multi-sequence alignment algorithm, TGMSA (Tri-stage Gradual Multi-Sequence Alignment). Inspired by techniques used in bioinformatics, GASBSLA replaces the global constant-weight penalty model with an affine penalty model to improve the generality of the signatures. TGMSA's pruning policy makes it more insensitive to noise. In this paper, the algorithms are described in detail and validated by experiments.
