Abstract
We propose an automated signature generation engine for detecting unknown attacks. For this proposal, we studied a signature engine divided into a header field and a payload field. In particular, for the payload field, we propose a signature generation agent that can be represented using a suffix tree, and the Longest Common Subsequence (LCSeq) among them is used to generate new signatures automatically. In testing, Snort signatures and signatures generated using the Longest Common Subsequence (LCSeq) are compared and evaluated.
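The payload-side idea in the abstract, sketched as an added example that is not the paper's own code: the LCSeq of two captured payloads is split into ordered tokens that become a candidate signature. The pairwise scope, the `min_len` threshold, the function names and the sample payloads are assumptions constructed here; the paper's suffix-tree agent and its Snort comparison are not reproduced.

```python
# Added example: pairwise LCSeq signature generation over constructed payloads.

def lcs_pairs(a: bytes, b: bytes) -> list[tuple[int, int]]:
    """Index pairs (i, j) of one longest common subsequence of a and b."""
    n, m = len(a), len(b)
    dp = [[0] * (m + 1) for _ in range(n + 1)]  # dp[i][j] = LCS length of a[i:], b[j:]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    pairs, i, j = [], 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            pairs.append((i, j))
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return pairs

def generate_signature(a: bytes, b: bytes, min_len: int = 4) -> list[bytes]:
    """Group LCS matches that are contiguous in both payloads into ordered tokens."""
    tokens, run, prev = [], bytearray(), None
    for i, j in lcs_pairs(a, b):
        if prev is not None and (i, j) != (prev[0] + 1, prev[1] + 1):
            tokens.append(bytes(run))
            run = bytearray()
        run.append(a[i])
        prev = (i, j)
    tokens.append(bytes(run))
    # Short tokens match too much benign traffic, so drop them (assumed threshold).
    return [t for t in tokens if len(t) >= min_len]

def matches(signature: list[bytes], payload: bytes) -> bool:
    """True if every token occurs in the payload, in signature order."""
    pos = 0
    for token in signature:
        pos = payload.find(token, pos)
        if pos < 0:
            return False
        pos += len(token)
    return bool(signature)  # an empty signature matches nothing

# Constructed samples: invariant prefix and suffix around variable filler.
PREFIX, SUFFIX = b"GET /svc/lookup?id=", b"&blob=xx-invariant-body-xx HTTP/1.0"
SAMPLE_1 = PREFIX + b"A" * 7 + SUFFIX
SAMPLE_2 = PREFIX + b"B" * 12 + SUFFIX
SIGNATURE = generate_signature(SAMPLE_1, SAMPLE_2)
```

The token list is only a candidate: before deployment it would be checked against benign traffic for false positives, which is the kind of evaluation the abstract describes against Snort signatures.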
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S., Lee, G., Kim, B. (2007). The Design and Testing of Automated Signature Generation Engine for Worms Detection. In: Nguyen, N.T., Grzech, A., Howlett, R.J., Jain, L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2007. Lecture Notes in Computer Science, vol 4496. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72830-6_101
DOI: https://doi.org/10.1007/978-3-540-72830-6_101
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72829-0
Online ISBN: 978-3-540-72830-6
eBook Packages: Computer Science, Computer Science (R0)