Automated signature extraction for high volume attacks

Yehuda Afek; Shir Landau Feibish

doi:10.1109/ANCS.2013.6665197

Automated signature extraction for high volume attacks

Yehuda Afek, Shir Landau Feibish

Tel Aviv University, Open University of Israel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We present a basic tool for zero day attack signature extraction. Given two large sets of messages, P of messages captured in the network at peacetime (i.e., mostly legitimate traffic) and A captured during attack time (i.e., contains many attack messages), we present a tool for extracting a set S of strings, that are frequently found in A and not in P. Therefore, a packet containing one of the strings from S is likely to be an attack packet.

Original language	English
Title of host publication	ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Publisher	IEEE Computer Society
Pages	147-156
Number of pages	10
ISBN (Print)	9781479916405
DOIs	https://doi.org/10.1109/ANCS.2013.6665197
State	Published - 2013
Event	9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013 - San Jose, CA, United States Duration: 21 Oct 2013 → 22 Oct 2013

Publication series

Name	ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Conference

Conference	9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013
Country/Territory	United States
City	San Jose, CA
Period	21/10/13 → 22/10/13

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Hardware and Architecture

Access to Document

10.1109/ANCS.2013.6665197

Cite this

Afek, Y., & Landau Feibish, S. (2013). Automated signature extraction for high volume attacks. In ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (pp. 147-156). Article 6665197 (ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems). IEEE Computer Society. https://doi.org/10.1109/ANCS.2013.6665197

@inproceedings{c5e899fe3e274428bdc3cd9393b3b21d,

title = "Automated signature extraction for high volume attacks",

abstract = "We present a basic tool for zero day attack signature extraction. Given two large sets of messages, P of messages captured in the network at peacetime (i.e., mostly legitimate traffic) and A captured during attack time (i.e., contains many attack messages), we present a tool for extracting a set S of strings, that are frequently found in A and not in P. Therefore, a packet containing one of the strings from S is likely to be an attack packet.",

author = "Yehuda Afek and \{Landau Feibish\}, Shir",

year = "2013",

doi = "10.1109/ANCS.2013.6665197",

language = "الإنجليزيّة",

isbn = "9781479916405",

series = "ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems",

publisher = "IEEE Computer Society",

pages = "147--156",

booktitle = "ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems",

address = "الولايات المتّحدة",

note = "9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013 ; Conference date: 21-10-2013 Through 22-10-2013",

}

Afek, Y & Landau Feibish, S 2013, Automated signature extraction for high volume attacks. in ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems., 6665197, ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, IEEE Computer Society, pp. 147-156, 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013, San Jose, CA, United States, 21/10/13. https://doi.org/10.1109/ANCS.2013.6665197

Automated signature extraction for high volume attacks. / Afek, Yehuda; Landau Feibish, Shir.
ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems. IEEE Computer Society, 2013. p. 147-156 6665197 (ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automated signature extraction for high volume attacks

AU - Afek, Yehuda

AU - Landau Feibish, Shir

PY - 2013

Y1 - 2013

N2 - We present a basic tool for zero day attack signature extraction. Given two large sets of messages, P of messages captured in the network at peacetime (i.e., mostly legitimate traffic) and A captured during attack time (i.e., contains many attack messages), we present a tool for extracting a set S of strings, that are frequently found in A and not in P. Therefore, a packet containing one of the strings from S is likely to be an attack packet.

AB - We present a basic tool for zero day attack signature extraction. Given two large sets of messages, P of messages captured in the network at peacetime (i.e., mostly legitimate traffic) and A captured during attack time (i.e., contains many attack messages), we present a tool for extracting a set S of strings, that are frequently found in A and not in P. Therefore, a packet containing one of the strings from S is likely to be an attack packet.

UR - http://www.scopus.com/inward/record.url?scp=84893503625&partnerID=8YFLogxK

U2 - 10.1109/ANCS.2013.6665197

DO - 10.1109/ANCS.2013.6665197

M3 - منشور من مؤتمر

SN - 9781479916405

T3 - ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

SP - 147

EP - 156

BT - ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

PB - IEEE Computer Society

T2 - 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013

Y2 - 21 October 2013 through 22 October 2013

ER -

Afek Y, Landau Feibish S. Automated signature extraction for high volume attacks. In ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems. IEEE Computer Society. 2013. p. 147-156. 6665197. (ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems). doi: 10.1109/ANCS.2013.6665197

Automated signature extraction for high volume attacks

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this