TY - GEN
T1 - Automated signature extraction for high volume attacks
AU - Afek, Yehuda
AU - Bremler-Barr, Anat
AU - Landau Feibish, Shir
N1 - Copyright 2014 Elsevier B.V., All rights reserved.
PY - 2013
Y1 - 2013
AB - We present a basic tool for zero-day attack signature extraction. Given two large sets of messages, P of messages captured in the network at peacetime (i.e., mostly legitimate traffic) and A captured during attack time (i.e., contains many attack messages), we present a tool for extracting a set S of strings that are frequently found in A and not in P. Therefore, a packet containing one of the strings from S is likely to be an attack packet.
UR - http://www.scopus.com/inward/record.url?scp=84893503625&partnerID=8YFLogxK
U2 - 10.1109/ANCS.2013.6665197
DO - 10.1109/ANCS.2013.6665197
M3 - Conference contribution
AN - SCOPUS:84893503625
SN - 9781479916405
T3 - ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
SP - 147
EP - 156
BT - ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
PB - IEEE Computer Society
T2 - 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013
Y2 - 21 October 2013 through 22 October 2013
ER -