Automatic attack signature generation systems: A review

Authors: Sanmeet Kaur, Maninder Singh

DOI: 10.1109/MSP.2013.51

Keywords:

Abstract: Signature-based intrusion detection systems provide solutions to counter the increasing number of attacks on network resources. But this is not helpful for novel attacks whose signatures aren't available. Automated signature generation systems can work proactively to detect these attacks in real time and generate signatures for new attacks. This article analyzes the latest developments, including Honeycyber, Hancock, Arbor, Auto-Sign, Argos, Hamsa, F-Sign, and a hybrid honeyfarm-based defense system, comparing them on the basis of their ability to detect attacks, method, suitability for multiple instances of worms, type of signature generated, worms covered, false alarm rates, and relative strengths and weaknesses.

References (13)
G. Portokalidis, H.J. Bos, J.M. Slowinska. Argos: an Emulator for Fingerprinting Zero-Day Attacks (2006).
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). DOI: 10.1016/S1389-1286(99)00112-7
Kent Griffin, Scott Schneider, Xin Hu, Tzi-cker Chiueh. Automatic Generation of String Signatures for Malware Detection. recent advances in intrusion detection, pp. 101-120 (2009). DOI: 10.1007/978-3-642-04342-0_6
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. usenix large installation systems administration conference, pp. 229-238 (1999).
Pragya Jain, Anjali Sardana. Defending against internet worms using honeyfarm. Proceedings of the CUBE International Information Technology Conference on - CUBE '12, pp. 795-800 (2012). DOI: 10.1145/2381716.2381867
Gil Tahan, Chanan Glezer, Yuval Elovici, Lior Rokach. Auto-Sign: an automatic signature generator for high-speed malware filtering devices. Journal in Computer Virology, vol. 6, pp. 91-103 (2010). DOI: 10.1007/S11416-009-0119-3
Asaf Shabtai, Eitan Menahem, Yuval Elovici. F-Sign: Automatic, Function-Based Signature Generation for Malware. systems man and cybernetics, vol. 41, pp. 494-508 (2011). DOI: 10.1109/TSMCC.2010.2068544
Mohssen M. Z. E. Mohammed, H. Anthony Chan, Neco Ventura. Honeycyber: Automated signature generation for zero-day polymorphic worms. military communications conference, pp. 1-6 (2008). DOI: 10.1109/MILCOM.2008.4753178
Jan Kohlrausch. Experiences with the NoAH Honeynet Testbed to Detect new Internet Worms. 2009 Fifth International Conference on IT Security Incident Management and IT Forensics, pp. 13-26 (2009). DOI: 10.1109/IMF.2009.9
Georgios Portokalidis, Asia Slowinska, Herbert Bos. Argos. Proceedings of the 2006 EuroSys conference on - EuroSys '06, vol. 40, pp. 15-27 (2006). DOI: 10.1145/1217935.1217938