Results 1 - 10 of 1,021

Network-based and attackresilient length signature generation for zero-day polymorphic worms

by Zhichun Li, Lanjia Wang, Yan Chen, Zhi (Judy) Fu , 2007
"... It is crucial to detect zero-day polymorphic worms and to generate signatures at the edge network gateways or honeynets so that we can prevent the worms from propagating at their early phase. However, most existing network-based signatures generated are not vulnerability based and can be easily evad ..."
Abstract - Cited by 8 (2 self) - Add to MetaCart
evaded under attacks. In this paper, we propose to design vulnerability based signatures without any host-level analysis of worm execution or vulnerable programs. As the first step, we design a network-based Length-based Signature Generator (LESG) for worms based on buffer overflow vulnerabilities

Thwarting Zero-Day Polymorphic Worms With Network-Level Length-Based Signature Generation

by Lanjia Wang, Zhichun Li, Yan Chen, Zhi (judy Fu, Xing Li
"... Abstract—It is crucial to detect zero-day polymorphic worms and to generate signatures at network gateways or honeynets so that we can prevent worms from propagating at their early phase. However, most existing network-based signatures are specific to exploit and can be easily evaded. In this paper, ..."
Abstract - Cited by 3 (1 self) - Add to MetaCart
, we propose generating vulnerability-driven signatures at network level without any host-level analysis of worm execution or vulnerable programs. As the first step, we design a network-based length-based signature generator (LESG) for the worms exploiting buffer overflow vulnerabilities1

Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms

by unknown authors
"... Abstract—It is crucial to detect zero-day polymorphic worms and to generate signatures at the edge network gateways or honeynets so that we can prevent the worms from propagating at their early phase. However, most existing network-based signatures generated are not vulnerability-based and can be ea ..."
Abstract - Add to MetaCart
be easily evaded by attacks. In this paper, we propose generating vulnerability-based signatures on the network level without any host-level analysis of worm execution or vulnerable programs. As the first step, we design a network-based Length-based Signature Generator (LESG) for worms based on buffer

Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms

by unknown authors
"... Abstract—It is crucial to detect zero-day polymorphic worms and to generate signatures at the edge network gateways or honeynets so that we can prevent the worms from propagating at their early phase. However, most existing network-based signatures generated are not vulnerability-based and can be ea ..."
Abstract - Add to MetaCart
be easily evaded by attacks. In this paper, we propose generating vulnerability-based signatures on the network level without any host-level analysis of worm execution or vulnerable programs. As the first step, we design a network-based Length-based Signature Generator (LESG) for worms based on buffer

Automated worm fingerprinting

by Sumeet Singh, Cristian Estan, George Varghese, Stefan Savage - In OSDI , 2004
"... Network worms are a clear and growing threat to the security of today’s Internet-connected hosts and networks. The combination of the Internet’s unrestricted connectivity and widespread software homogeneity allows network pathogens to exploit tremendous parallelism in their propagation. In fact, mod ..."
Abstract - Cited by 317 (9 self) - Add to MetaCart
with a range of unique sources generating infections and destinations being targeted. More importantly, our approach – called “content sifting ” – automatically generates precise signatures that can then be used to filter or moderate the spread of the worm elsewhere in the network. Using a combination

Testing network-based intrusion detection signatures using mutant exploits

by Giovanni Vigna, William Robertson, Davide Balzarotti - In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS , 2004
"... Misuse-based intrusion detection systems rely on models of attacks to identify the manifestation of intrusive behavior. Therefore, the ability of these systems to reliably detect attacks is strongly affected by the quality of their models, which are often called “signatures. ” A perfect model would ..."
Abstract - Cited by 68 (6 self) - Add to MetaCart
models that take into account all possible variations is very difficult. For this reason, it would be beneficial to have testing tools that are able to evaluate the “goodness ” of detection signatures. This work describes a technique to test and evaluate misuse detection models in the case of network-based

Bitcoin: A peer-to-peer electronic cash system,” http://bitcoin.org/bitcoin.pdf

by Satoshi Nakamoto
"... www.bitcoin.org Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party ..."
Abstract - Cited by 246 (0 self) - Add to MetaCart
party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof

PolyS: Network-based Signature Generation for Zero-day Polymorphic Worms

by Sounak Paul, Bimal Kumar Mishra
"... With growing sophistication of computer worms, it is very important to detect and prevent the worms quickly and accurately at their early phase of infection. Traditional signature based IDS, though effective for known attacks but failed to handle the zero-day attack promptly. Recent works on polymor ..."
Abstract - Add to MetaCart
on polymorphic worms does not guarantee accurate signature in presence of noise in suspicious flow samples. In this paper we propose PolyS, an improved version of Hamsa, a network based automated signature generation scheme to thwart zeroday polymorphic worms. We contribute a novel architecture that reduces

Pond: the OceanStore Prototype

by Sean Rhea, Patrick Eaton, Dennis Geels, Hakim Weatherspoon, Ben Zhao, John Kubiatowicz , 2003
"... OceanStore is an Internet-scale, persistent data store designed for incremental scalability, secure sharing, and long-term durability. Pond is the OceanStore prototype; it contains many of the features of a complete system including location-independent routing, Byzantine update commitment, push-bas ..."
Abstract - Cited by 222 (18 self) - Add to MetaCart
. Microbenchmarks show that write performance is limited by the speed of erasure coding and threshold signature generation, two important areas of future research. Further microbenchmarks show that Pond manages replica consistency in a bandwidthefficient manner and quantify the latency cost imposed

The 1999 DARPA off-line intrusion detection evaluation

by Joshua W. Haines, David J. Fried, Jonathan Korba, Kumar Das - Computer Networks , 2000
"... Abstract. Eight sites participated in the second DARPA off-line intrusion detection evaluation in 1999. A test bed generated live background traffic similar to that on a government site containing hundreds of users on thousands of hosts. More than 200 instances of 58 attack types were launched again ..."
Abstract - Cited by 205 (9 self) - Add to MetaCart
against victim UNIX and Windows NT hosts in three weeks of training data and two weeks of test data. False alarm rates were low (less than 10 per day). Best detection was provided by network-based systems for old probe and old denialof-service (DoS) attacks and by host-based systems for Solaris user
Results 1 - 10 of 1,021