Sciweavers

SP
2007
IEEE

ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing

14 years 6 months ago
ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing
In this paper, we present ShieldGen, a system for automatically generating a data patch or a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. The key novelty in our work is that we leverage knowledge of the data format to generate new potential attack instances, which we call probes, and use a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability; the feedback of the oracle guides our search for the vulnerability signature. We have implemented a ShieldGen prototype and experimented with three known vulnerabilities. The generated signatures have no false positives and a low rate of false negatives due to imperfect data format specifications and the sampling technique used in our probe generation. Overall, they are significantly more precise than the signatures generated by existing schemes. We have also conducted a detailed study of 25 vulnerabilities for which Microsoft has issued security bulletins betw...
Weidong Cui, Marcus Peinado, Helen J. Wang, Michae
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where SP
Authors Weidong Cui, Marcus Peinado, Helen J. Wang, Michael E. Locasto
Comments (0)