Automated signature extraction for high volume attacks

Yehuda Afek, Anat Bremler-Barr, Shir Landau Feibish

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

We present a basic tool for zero-day attack signature extraction. Given two large sets of messages, P of messages captured in the network at peacetime (i.e., mostly legitimate traffic) and A captured during attack time (i.e., contains many attack messages), we present a tool for extracting a set S of strings that are frequently found in A and not in P. Therefore, a packet containing one of the strings from S is likely to be an attack packet.

Original language: English
Title of host publication: ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Publisher: IEEE Computer Society
Pages: 147-156
Number of pages: 10
ISBN (Print): 9781479916405
State: Published - 2013
Event: 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013 - San Jose, CA, United States
Duration: 21 Oct 2013 to 22 Oct 2013

Publication series

Name: ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Conference

Conference: 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013
Country/Territory: United States
City: San Jose, CA
Period: 21/10/13 to 22/10/13
