Date Added: Jul 2009
Attack signature validation plays a key role in intrusion detection and prevention technologies. Usually, when new attacks, particularly worms, appear, security software analyzes them and generates signatures for the attack traffic. Since an inaccurate signature may block legitimate traffic that resembles the attack traffic (false positives), security software vendors are reluctant to deploy new signatures without extensive testing. That testing, however, can be time consuming, resulting in significant delays (hours or even days) in signature dissemination. To alleviate this problem, the authors of this paper propose a novel architecture based on P2P technology for fast content signature validation. The basic idea is to collect and store recent network traffic in advance at the peers participating in the system, and then use that stored traffic to validate new signatures.
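To make the validation idea concrete, the following added example (written for this summary, not code from the paper) sketches the core check a participating peer would run: each peer keeps a bounded window of recently captured payloads, reports how many of them a candidate content signature matches, and a coordinator aggregates the reports into an estimated false-positive rate that decides whether the signature is safe to push. The peer names, the payloads, the signature patterns and the `max_fp_rate` threshold are all constructed; the example also assumes, as the paper's "collected in advance" phrasing suggests, that the stored window predates the attack and is treated as legitimate baseline traffic, so every match counts as a false positive.

```python
"""Constructed sketch of P2P content-signature validation.

Each Peer stores a sliding window of recent traffic payloads. A candidate
Signature is a byte pattern; a peer's report lists the stored flows the
pattern matches. Because the window is assumed to hold only legitimate
traffic captured before the attack, every match is a false positive.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List


@dataclass
class StoredFlow:
    flow_id: str
    payload: bytes


@dataclass
class Signature:
    sig_id: str
    pattern: bytes  # content signature: a byte string matched anywhere in the payload


@dataclass
class Peer:
    name: str
    max_flows: int = 1000
    # Bounded ring buffer: the oldest flow is evicted once the window is full.
    window: Deque[StoredFlow] = field(default_factory=deque)

    def __post_init__(self) -> None:
        self.window = deque(self.window, maxlen=self.max_flows)

    def record(self, flow: StoredFlow) -> None:
        """Store a recently observed flow (called continuously, before any attack)."""
        self.window.append(flow)

    def validate(self, sig: Signature) -> Dict:
        """Report which stored (legitimate) flows the candidate signature would block."""
        hits = [f.flow_id for f in self.window if sig.pattern in f.payload]
        return {"peer": self.name, "sig_id": sig.sig_id,
                "flows_checked": len(self.window), "matches": hits}


def aggregate(reports: List[Dict], max_fp_rate: float) -> Dict:
    """Combine per-peer reports into a deploy decision for one signature."""
    checked = sum(r["flows_checked"] for r in reports)
    matched = sum(len(r["matches"]) for r in reports)
    rate = matched / checked if checked else 0.0
    return {"flows_checked": checked, "matches": matched,
            "fp_rate": rate, "deploy": rate <= max_fp_rate}


def build_demo_peers() -> List[Peer]:
    """Two peers holding constructed, obviously benign payloads."""
    a = Peer("peer-a")
    for i, p in enumerate([
        b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
        b"GET /images/logo.png HTTP/1.1\r\nHost: shop.example\r\n\r\n",
        b"POST /login HTTP/1.1\r\nHost: shop.example\r\n\r\nuser=alice",
        b"EHLO mail.example\r\nMAIL FROM:<bob@example>\r\n",
    ]):
        a.record(StoredFlow(f"a-{i}", p))
    b = Peer("peer-b")
    for i, p in enumerate([
        b"GET /api/v1/items HTTP/1.1\r\nHost: api.example\r\n\r\n",
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
        b"SSH-2.0-OpenSSH_8.9\r\n",
    ]):
        b.record(StoredFlow(f"b-{i}", p))
    return [a, b]


def run_demo(max_fp_rate: float = 0.01) -> Dict[str, Dict]:
    """Validate an overly broad signature and a specific one against the peers."""
    peers = build_demo_peers()
    candidates = {
        # Too generic: would block ordinary web requests.
        "broad": Signature("sig-broad", b"GET /"),
        # Constructed worm marker that no legitimate flow contains.
        "specific": Signature("sig-specific", b"CONSTRUCTED-WORM-MARKER-0001"),
    }
    return {name: aggregate([p.validate(sig) for p in peers], max_fp_rate)
            for name, sig in candidates.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

The broad signature matches three of the seven stored flows and is rejected, while the specific one matches nothing and is cleared for deployment; in a real deployment the per-peer reports would travel over the P2P overlay and the threshold would be tuned to the traffic volume each peer can hold.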