Sciweavers

SP
2006
IEEE

Towards Automatic Generation of Vulnerability-Based Signatures

14 years 6 months ago
Towards Automatic Generation of Vulnerability-Based Signatures
In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and vulnerability exercised by a sample exploit instead of the semantics or syntax of the exploit itself. We show the semantics of a vulnerability define a language which contains all and only those inputs that exploit the vulnerability. A vulnerability signature is a representation (e.g., a regular expression) of the vulnerability language. Unlike exploitbased signatures whose error rate can only be empirically measured for known test cases, the quality of a vulnerability signature can be formally quantified for all possible inputs. We provide a formal definition of a vulnerability signature and investigate the computational complexity of creating and matching vulnerability signatures. We also systematically e...
David Brumley, James Newsome, Dawn Xiaodong Song,
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where SP
Authors David Brumley, James Newsome, Dawn Xiaodong Song, Hao Wang, Somesh Jha
Comments (0)