Sciweavers

CCS
2005
ACM

Fast and automated generation of attack signatures: a basis for building self-protecting servers

14 years 5 months ago
Fast and automated generation of attack signatures: a basis for building self-protecting servers
Large-scale attacks, such as those launched by worms and zombie farms, pose a serious threat to our network-centric society. Existing approaches such as software patches are simply unable to cope with the volume and speed with which new vulnerabilities are being discovered. In this paper, we develop a new approach that can provide effective protection against a vast majority of these attacks that exploit memory errors in C/C++ programs. Our approach, called COVERS, uses a forensic analysis of a victim server’s memory to correlate attacks to inputs received over the network, and automatically develop a signature that characterizes inputs that carry attacks. The signatures tend to capture characteristics of the underlying vulnerability (e.g., a message field being too long) rather than the characteristics of an attack, which makes them effective against variants of attacks. Our approach introduces low overheads (under 10%), does not require access to source code of the protected serv...
Zhenkai Liang, R. Sekar
Added 29 Jun 2010
Updated 29 Jun 2010
Type Conference
Year 2005
Where CCS
Authors Zhenkai Liang, R. Sekar
Comments (0)