Abstract
In today's interconnected networks, Intrusion Detection Systems (IDSs), encryption devices and firewalls and crucial in providing a complete security solution. A recent survey has indicated that around 80 percent of attacks originate in the application layer and 75 percent of the attacks use exploits to take advantage of vulnerability. In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and, vulnerability exercised by a sample exploit instead of the semantics or syntax of the exploit itself. We show the semantics of vulnerability define a language which contains all and only those inputs that exploit the vulnerability. Unlike exploit based signatures whose error rate can only be empirically measured for known test cases, the quality of a vulnerability signature can be formally quantified for all possible inputs. Also with the vulnerability signatures, we perform application classification in our IDPS system. Application classification helps in better management of an organizational network. We propose new work-flow logic for the vulnerability signature creation for desired results
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
