Improving signature testing through dynamic data flow analysis

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2007, Pages 53-63

  Kruegel, Christopher ^a   Balzarotti, Davide ^b   Robertson, William ^b   Vigna, Giovanni ^b  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BLACK-BOX TESTING; BLIND SPOTS; COMPUTER SECURITY APPLICATIONS; DIRECT ANALYSIS; DYNAMIC BEHAVIORS; DYNAMIC DATA; INTRUSION DETECTION SYSTEM; NETWORK-BASED INTRUSION DETECTION; NETWORK-BASED INTRUSION DETECTION SYSTEMS; SIGNATURE TESTING; TEST CASES;

COMPUTATIONAL GRAMMARS; COMPUTER APPLICATIONS; COMPUTER CRIME; DATA FLOW ANALYSIS; PULSATILE FLOW; SECURITY OF DATA; SECURITY SYSTEMS; SENSORS; SIGNAL DETECTION; TESTING;

INTRUSION DETECTION;

EID: 48649105829     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2007.40     Document Type: Conference Paper

References (30)

1. A. Aho and M. Corasick. Efficient string matching: An aid to bibliographic search. Communications of the Association for Computing Machinery, 18(6), 1975.
2. D. Angluin and C. Smith. Inductive Inference: Theory and Methods. ACM Computing Surveys, 15(3), 1983.
3. Anzen. nidsbench:a network intrusion detection system test suite. http://packetstorm.widexs.nl/UNIX/IDS/nidsbench/, 1999.
4. D. Balzarotti. Testing Intrusion Detection Systems. PhD thesis, Politecnico di Milano, 2006.
5. R. Boyer and J. Moore. A Fast String Searching Algorithm. Communications of the Association for Computing Machinery, 20(10), 1977.
6. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding Data Lifetime via Whole System Simulation. In USENIX Security Symposium, 2004.
7. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of Internet worms. In Proceedings of the ACM Symposium on Operating Systems Principles, 2005.
8. J. Crandall and F. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. In 37th International Symposium on Microarchitecture, 2004.
9. E. Gold. Language Identification in the Limit. Information and Control, 5(1967), 10.
10. P. Hazel. PCRE: Perl Compatible Regular Expressions. http://www.pcre.org/ , 2005.
11. horizon. Defeating Sniffers and Intrusion Detection Systems. Phrack Magazine, 8(54), December 1998.
12. IBM Zurich Research Laboratory. Thor. http://www.zurich.ibm.com/csc/ infosec/gsal/past-projects/thor/, 2004.
13. S. Jha, S. Rubin, and B. Miller. Using Attack Mutation to Test a High-End NIDS. Information Security Bulletin, vol. 10, April 2005.
14. C. Kruegel, D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer. Reverse Engineering of Network Signatures. In Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia, May 2005.
15. S. Macaulay. ADMmutate: Polymorphic Shellcode Engine. http://www.ktwo.ca/security.html.
16. R. Marty. Thor: A Tool to Test Intrusion Detection Systems by Variations of Attacks. Master's thesis, ETH Zurich, March 2002.
17. Metasploit Project. Metasploit. http://www.metasploit.com/, 2005.
18. D. Mutz, G. Vigna, and R. Kemmerer. An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems. In Proceedings of the 2003 Annual Computer Security Applications Conference (ACSAC '03), pages 374-383, Las Vegas, Nevada, December 2003.
19. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2005.
20. T. Ptacek and T. Newsham. Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, January 1998.
21. R. Graham. SideStep. http://www.robertgraham.com/tmp/sidestep.html, 2005.
22. S. Rubin, S. Jha, and B. Miller. Automatic generation and analysis of NIDS attacks. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2004.
23. S. Rubin, S. Jha, and B. Miller. Language-Based Generation and Evaluation of NIDS Signatures. IEEE Symposium on Security and Privacy, Oakland, California, May, 2005.
24. S. Rubin, S. Jha, and B. Miller. On the Completeness of Attack Mutation Algorithms. Proceedings of the 19th IEEE Workshop on Computer Security Foundations, pages 43-56, 2006.
25. SecurityFocus. Avenger's News System Remote Command Execution Vulnerability. http://securityfocus.com/bid/4149, 2002.
26. SecurityFocus. Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability. http://www.securityfocus.com/bid/4485, 2002.
27. SecurityFocus. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability. http://securityfocus.com/bid/7294, 2005.
28. H. Spencer. regex: Regular Expression Library. http://arglist.com/regex/, 2005.
29. G. Vigna, W. Robertson, and D. Balzarotti. Testing Network-based Intrusion Detection Signatures Using Mutant Exploits. In Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS), pages 21-30, Washington, DC, October 2004.
30. th ACM Conference on Computer and Communications Security, pages 255-264, Washington DC, USA, November 2002.