Allergy Attack Against Automatic Signature Generation

Chung, Simon P.; Mok, Aloysius K.

doi:10.1007/11856214_4

Allergy Attack Against Automatic Signature Generation

Simon P. Chung¹⁸ &
Aloysius K. Mok¹⁸

Conference paper

1165 Accesses
30 Citations

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4219))

Abstract

Research in systems that automatically generate signatures to filter out zero-day worm instances at perimeter defense has received a lot of attention recently. While a well known problem with these systems is that the signatures generated are usually not very useful against polymorphic worms, we shall in this paper investigate a different, and potentially more serious problem facing automatic signature generation systems: attacks that manipulate the signature generation system and turn it into an active agent for DoS attack against the protected system. We call this new attack the “allergy attack”. This type of attack should be anticipated and has in fact been an issue in the context of “detraining” in machine learning. However, we have not seen a demonstration of its practical impact in real intrusion detection/prevention systems. In this paper, we shall demonstrate the practical impact of “allergy attacks”.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure. In: Proceedings of the ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2006), Taipei (March 2006)
Google Scholar
Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: Proceedings of 20th ACM Symposium on Operating Systems Principles, Brighton (October 2005)
Google Scholar
Crandall, J.R., Wu, S.F., Chong, F.T.: Experiences using minos as a tool for capturing and analyzing novel worms for unknown vulnerabilities. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 32–50. Springer, Heidelberg (2005)
Chapter Google Scholar
Kim, H., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of 13th USENIX Security Symposium, California (August 2004)
Google Scholar
Kreibich, C., Crowcroft, J.: Honeycomb - Creating Intrusion Detection Signatures Using Honeypots. In: Proceedings of the Second Workshop on Hot Topics in Networks (Hotnets II), Boston (November 2003)
Google Scholar
Krügel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 207–226. Springer, Heidelberg (2006)
Chapter Google Scholar
Locasto, M.E., Wang, K., Keromytis, A.D., Stolfo, S.J.: FLIPS: Hybrid adaptive intrusion prevention. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 82–101. Springer, Heidelberg (2006)
Chapter Google Scholar
Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of The 2005 IEEE Symposium on Security and Privacy, Oakland (May 2005)
Google Scholar
Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of 12th Annual Network and Distributed System Security Symposium (NDSS 2005) (February 2005)
Google Scholar
Perdisci, R., Dagon, D., Lee, W., Fogla, P., Sharif, M.: Misleading worm signature generators using deliberate noise injection. In: Proceedings of The 2006 IEEE Symposium on Security and Privacy, Oakland (May 2006)
Google Scholar
Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of 5th Symposium on Operating Systems Design and Implementation, California (December 2004)
Google Scholar
Tang, Y., Chen, S.: Defending against internet worms: a signature-based approach. In: Proceedings of 24th Annual Joint Conference of the IEEE Computer and Communications Societies, Florida (July 2005)
Google Scholar
Wang, K., Cretu, G., Stolfo, S.J.: Anomalous payload-based worm detection and signature generation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 227–246. Springer, Heidelberg (2006)
Chapter Google Scholar
Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An architecture for generating semantics-aware signatures. In: Proceedings of 14th USENIX Security Symposium, Maryland (August 2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Sciences, University of Texas at Austin, Austin, TX, 78712, USA
Simon P. Chung & Aloysius K. Mok

Authors

Simon P. Chung
View author publications
You can also search for this author in PubMed Google Scholar
Aloysius K. Mok
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

IBM Research Laboratory, Säumerstr. 4, 8803, Rüschlikon, Switzerland
Diego Zamboni
Secure Systems Lab, Technical University of Vienna, 1040, Vienna, Austria
Christopher Kruegel

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Chung, S.P., Mok, A.K. (2006). Allergy Attack Against Automatic Signature Generation. In: Zamboni, D., Kruegel, C. (eds) Recent Advances in Intrusion Detection. RAID 2006. Lecture Notes in Computer Science, vol 4219. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11856214_4

Download citation

DOI: https://doi.org/10.1007/11856214_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-39723-6
Online ISBN: 978-3-540-39725-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics