The Design and Testing of Automated Signature Generation Engine for Worms Detection

  • Conference paper
Agent and Multi-Agent Systems: Technologies and Applications (KES-AMSTA 2007)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4496)

Abstract

We propose an automated signature generation engine for detecting unknown attacks. For this proposal, we studied a signature engine divided into a header field and a payload field. In particular, for the payload field, we propose a signature generation agent that can be represented using a suffix tree, and the Longest Common Subsequence (LCSeq) among them is used to generate new signatures automatically. In testing, Snort signatures and the signatures generated using the Longest Common Subsequence (LCSeq) are compared and evaluated.
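The payload-side idea in the abstract, deriving a signature from the longest common subsequence of suspicious payloads, can be sketched as follows. This is an added example, not code from the paper: it leaves out the suffix-tree stage, and the function names, the `min_len` threshold and the sample payloads are constructed assumptions.

```python
# Added illustration; function names and payloads are constructed, not from the paper.
def lcs_tokens(a: bytes, b: bytes, min_len: int = 4) -> list[bytes]:
    """Return the contiguous runs of the LCS of a and b that are >= min_len bytes."""
    n, m = len(a), len(b)
    # dp[i][j] = length of the longest common subsequence of a[i:] and b[j:]
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    tokens, run, prev, i, j = [], bytearray(), None, 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            # A gap in either payload ends the current invariant token.
            if prev is not None and prev != (i - 1, j - 1):
                tokens.append(bytes(run))
                run = bytearray()
            run.append(a[i])
            prev = (i, j)
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    tokens.append(bytes(run))
    # Short runs are dropped: they would match too much benign traffic.
    return [t for t in tokens if len(t) >= min_len]

def matches(tokens: list[bytes], payload: bytes) -> bool:
    """True when every token occurs in payload, in order and without overlap."""
    pos = 0
    for tok in tokens:
        pos = payload.find(tok, pos)
        if pos < 0:
            return False
        pos += len(tok)
    return bool(tokens)

# Constructed payloads: two variants of one hypothetical worm request.
SAMPLE_A = b"GET /x/333333/cmd.cgi?id=qqqq&run=WORMTAG HTTP/1.0"
SAMPLE_B = b"GET /y/777777777/cmd.cgi?id=zzzzzzz&run=WORMTAG HTTP/1.0"
SIGNATURE = lcs_tokens(SAMPLE_A, SAMPLE_B)

if __name__ == "__main__":
    print(SIGNATURE)
    print(matches(SIGNATURE, b"GET /w/55/cmd.cgi?id=kk&run=WORMTAG HTTP/1.0"))
    print(matches(SIGNATURE, b"GET /index.html HTTP/1.0"))
```

The ordered token list corresponds to what a content-matching rule would check; the variable path segment and parameter value fall out of the signature because they differ between samples.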

Editor information

Ngoc Thanh Nguyen, Adam Grzech, Robert J. Howlett, Lakhmi C. Jain

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S., Lee, G., Kim, B. (2007). The Design and Testing of Automated Signature Generation Engine for Worms Detection. In: Nguyen, N.T., Grzech, A., Howlett, R.J., Jain, L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2007. Lecture Notes in Computer Science, vol 4496. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72830-6_101
