Execution Trace-Driven Automated Attack Signature Generation

Free registration required

Executive Summary

In its most general form, an attack signature is a program that can correctly determine if an input network packet sequence can successfully attack a protected network application. Filter rules used in firewall and Network Intrusion Prevention Systems (NIPS) are an abstract form of attack signature. This paper presents the design, implementation, and evaluation of an automated attack signature generation system called Trag, that automatically generates an executable attack signature program from a victim program's source and a given attack input.

  • Format: PDF
  • Size: 215.7 KB