Towards Automatic Generation of Vulnerability-Based Signatures

Berkeley/Oakland, California May 21-May 24

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SP.2006.41

2006 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by David Brumley Articles by James Newsome Articles by Dawn Song Articles by Hao Wang Articles by Somesh Jha

	ASCII Text	x
	David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha, "Towards Automatic Generation of Vulnerability-Based Signatures," Security and Privacy, IEEE Symposium on, pp. 2-16, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.

	BibTex	x
	@article{ 10.1109/SP.2006.41, author = {David Brumley and James Newsome and Dawn Song and Hao Wang and Somesh Jha}, title = {Towards Automatic Generation of Vulnerability-Based Signatures}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1081-6011}, pages = {2-16}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2006.41}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Towards Automatic Generation of Vulnerability-Based Signatures SN - 1081-6011 SP2 EP16 A1 - David Brumley, A1 - James Newsome, A1 - Dawn Song, A1 - Hao Wang, A1 - Somesh Jha, PY - 2006 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

David Brumley, Carnegie Mellon University

James Newsome, Carnegie Mellon University

Dawn Song, Carnegie Mellon University

Hao Wang, University of Wisconsin-Madison

Somesh Jha, University of Wisconsin-Madison

In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work departs from previous approaches by focusing on the semantics of the program and vulnerability exercised by a sample exploit instead of the semantics or syntax of the exploit itself. We show the semantics of a vulnerability define a language which contains all and only those inputs that exploit the vulnerability. A vulnerability signature is a representation (e.g., a regular expression) of the vulnerability language. Unlike exploitbased signatures whose error rate can only be empirically measured for known test cases, the quality of a vulnerability signature can be formally quantified for all possible inputs.

Citation:

David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha, "Towards Automatic Generation of Vulnerability-Based Signatures," sp, pp.2-16, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.