
Towards Automatic Assembly of Privacy-Preserved Intrusion Signatures

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4657)

Abstract

Intrusion signatures are used to detect and/or prevent fast-spreading worms or exploits, and for the sake of speed they are usually constructed automatically, without human intervention. In principle, the automatic construction process can produce not only true-positive intrusion signatures but also false-positive ones; the latter pose a grave problem because they can be misused to disclose private information. Manual signature checking (against a whitelist) can solve the problem, but it dramatically slows down the reaction time to an attack. In this paper, we propose a mechanism that generates signatures automatically while preserving private information. Essentially, we transform the original feature values within an audit trail instance into feature ranges, and then use these feature ranges to construct a privacy-preserved intrusion signature. Our current focus is on the methods for constructing feature ranges, and several such methods are proposed. The experimental results are quite encouraging: the transformation from values to ranges leads not only to the preservation of privacy but also to an enhancement of detection performance.
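The value-to-range transformation described in the abstract, as an added illustration that is not code from the paper: a range signature is built from constructed audit-trail instances and compared against the exact-value signature an automatic generator would otherwise emit. The range-construction method used here (fixed-width buckets per feature) and the feature names are assumptions; the page does not describe the authors' own range-discovery methods.

```python
# Feature names of one audit-trail instance (constructed for this example).
FEATURES = ("dst_port", "payload_len", "conn_rate")

# Constructed audit-trail instances captured while a worm spreads. The exact
# values (a precise payload length, a precise connection rate) are what a
# value-based signature would carry and could leak.
ATTACK_INSTANCES = [
    {"dst_port": 445, "payload_len": 1412, "conn_rate": 37},
    {"dst_port": 445, "payload_len": 1418, "conn_rate": 41},
    {"dst_port": 445, "payload_len": 1409, "conn_rate": 39},
]

# Assumed range-construction method: fixed-width buckets per feature. The
# paper's own methods are not described on this page; this is an illustration.
BUCKET_WIDTH = {"dst_port": 1, "payload_len": 64, "conn_rate": 10}


def to_bucket(value: int, width: int) -> tuple[int, int]:
    """Generalise one value to the half-open bucket [lo, hi) that contains it."""
    lo = (value // width) * width
    return lo, lo + width


def build_value_signature(instances: list[dict]) -> dict[str, set[int]]:
    """Baseline: the exact-value signature an automatic generator would emit."""
    return {f: {inst[f] for inst in instances} for f in FEATURES}


def build_range_signature(instances: list[dict],
                          width: dict[str, int]) -> dict[str, tuple[int, int]]:
    """Per feature, widen the buckets covering the observed values into one
    contiguous [lo, hi) range. The observed values themselves are not kept."""
    sig = {}
    for f in FEATURES:
        buckets = [to_bucket(inst[f], width[f]) for inst in instances]
        sig[f] = (min(lo for lo, _ in buckets), max(hi for _, hi in buckets))
    return sig


def matches_values(sig: dict[str, set[int]], record: dict) -> bool:
    """Value signature: every feature must equal one of the recorded values."""
    return all(record[f] in vals for f, vals in sig.items())


def matches_ranges(sig: dict[str, tuple[int, int]], record: dict) -> bool:
    """Range signature: every feature must fall inside its [lo, hi) range."""
    return all(lo <= record[f] < hi for f, (lo, hi) in sig.items())
```

A variant instance whose payload length was never observed exactly is caught by the range signature but missed by the value signature, while the range signature no longer stores any of the observed values.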




Editor information

Costas Lambrinoudakis, Günther Pernul, A Min Tjoa


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, Z., Das, A., Zhou, J. (2007). Towards Automatic Assembly of Privacy-Preserved Intrusion Signatures. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_8


  • DOI: https://doi.org/10.1007/978-3-540-74409-2_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer Science, Computer Science (R0)
