Sciweavers

USS
2004

Autograph: Toward Automated, Distributed Worm Signature Detection

14 years 27 days ago
Autograph: Toward Automated, Distributed Worm Signature Detection
Today's Internet intrusion detection systems (IDSes) monitor edge networks' DMZs to identify and/or filter malicious flows. While an IDS helps protect the hosts on its local edge network from compromise and denial of service, it cannot alone effectively intervene to halt and reverse the spreading of novel Internet worms. Generation of the worm signatures required by an IDS--the byte patterns sought in monitored traffic to identify worms--today entails non-trivial human labor, and thus significant delay: as network operators detect anomalous behavior, they communicate with one another and manually study packet traces to produce a worm signature. Yet intervention must occur early in an epidemic to halt a worm's spread. In this paper, we describe Autograph, a system that automatically generates signatures for novel Internet worms that propagate using TCP transport. Autograph generates signatures by analyzing the prevalence of portions of flow payloads, and thus uses no kno...
Hyang-Ah Kim, Brad Karp
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where USS
Authors Hyang-Ah Kim, Brad Karp
Comments (0)