An extensible framework for automated network attack signature generation

2009
Kenar, Serkan
The effectiveness of misuse-based intrusion detection systems (IDS) is seriously undermined by the advance of threats in terms of speed and scale. Today worms, trojans, viruses and other threats can spread around the globe in less than thirty minutes. To detect these emerging threats, signatures must be generated automatically and distributed to intrusion detection systems rapidly. There are studies on automatically generating signatures for worms and attacks; however, these systems either rely on honeypots, which are supposed to receive only suspicious traffic, or use port-scanning outlier detectors. In this study, an open, extensible system based on a network IDS is proposed to identify suspicious traffic using anomaly detection methods and to automatically generate attack signatures from this suspicious traffic. The generated signatures are classified and fed back into the IDS, either locally or in a distributed manner. The design and a proof-of-concept implementation are described, and the developed system is tested on both synthetic and real network data. The system is designed as a framework so that different methods can be tested and the outcomes of varying configurations evaluated easily. The test results show that, with a properly defined attack detection algorithm, attack signatures can be generated with high accuracy and efficiency. The resulting system could be used to limit the early damage of fast-spreading worms and other threats.

Suggestions

A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
The types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to enterprises. One of the key challenges is to identify the optimal set of precautions with a limited budget. Despite the fact that the majority of enterprises have a budget constraint for installing and maintaining protection systems, the majority of previous work only focuses on prioritization of security targets and does not consider preventative actions and budget constraints. ...
A framework for distributed intrusion detection systems
Öztosun, Ümit; Koçyiğit, Altan; Mumcuoğlu, Erkan; Department of Information Systems (2002)
The emergence of intrusion detection systems (IDSs) has leveraged the security of information systems. However, they have also introduced new problems. A plethora of intrusion detection systems are in common use today, using various different ways and techniques for intrusion detection. It is not uncommon to see an information system utilize different IDSs in order to combine the advantages and reduce the disadvantages of individual systems. This often results in a confusion of systems that output information in diff...
A Conceptual Model for a Metric Based Framework for the Monitoring of Information Security Tasks’ Efficiency
Sönmez, Ferda Özdemir (Elsevier BV; 2019)
Information Security Governance Systems are not adequate to measure the effectiveness and efficiency of security tasks for enterprises. Although some of the systems offer ways for measurement, they still need the definition of measurement objectives and metrics. This study proposes a conceptual framework model which has human and tool/process related metrics. This system also allows the collection of evidence data for security-related tasks and ways to motivate the security staff to provide a more produc...
An Ontology-Based Expert System to Detect Service Level Agreement Violations
Karamanlıoğlu, Alper (2018-07-04)
In this paper, an expert system developed with an ontology-based approach to detect Service Level Agreement (SLA) violations is presented. The widespread use of SLAs in various areas complicates SLA management and in particular the detection of violations. Although it is necessary to automatically detect SLA violations, developing a different solution for each domain is quite costly. Several domains were investigated, and many common concepts have been identified in terms of SLAs. Nevertheless, it has been ...
Environment generation tool for enabling aspect verification
Aldanmaz, Şenol Lokman; Betin Can, Aysu; Department of Information Systems (2010)
Aspects are units of aspect oriented programming developed for influencing software behavior. In order to use an aspect confidently in any software, it should first be verified. For verification of an aspect, the mock classes for the original software should be prepared. These mock classes are a model of the aspect environment into which the aspect is woven. In this study, considering that there are not enough tools supporting aspect oriented programming developers, we have developed a tool for enabl...
Citation Formats
S. Kenar, “An extensible framework for automated network attack signature generation,” M.S. - Master of Science, Middle East Technical University, 2009.