ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Conference Paper Towards Automatically Generating Double-Free Vulnerability Signatures Using Petri Nets
Cited 4 time in scopus Download 2 time Share share facebook twitter linkedin kakaostory
Authors
Ryan Iwahashi, Daniela A.S. de Oliveira, S. Felix Wu, Jedidiah R. Crandall, Young-Jun Heo, Jin-Tae Oh, Jong-Soo Jang
Issue Date
2008-09
Citation
International Conference on Information Security (ISC) 2008 (LNCS 5222), v.5222, pp.114-130
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1007/978-3-540-85886-7_8
Project Code
08MS2100, Development of Signature Generation and Management Technology against Zero-day Attack, Jong Soo Jang
Abstract
With the increased popularity of polymorphic and register spring attacks, exploit signatures intrusion detection systems (IDS) can no longer rely only on exploit signatures. Vulnerability signatures that pattern match based on properties of the vulnerability instead of the exploit should be employed. Recent research has proposed three classes of vulnerability signatures but its approach cannot address complex vulnerabilities such as the ASN.1 Double-Free. Here we introduce Petri nets as a new class of vulnerability signature that could potentially be used to detect other types of vulnerabilities. Petri nets can be automatically generated and are represented as a graph making it easier to understand and debug. We analyzed it along side the three other classes of vulnerability signatures in relation to the Windows ASN.1 vulnerability. The results were very promising due to the very low false positive rate and 0% false negative rate. We have shown that Petri nets are a very efficient, concise, and effective way of describing signatures (both vulnerability and exploit). They are more powerful than regular expressions and still efficient enough to be practical. Comparing with the other classes, only Turing machines provided a better identification rate but they incur significant performance overhead. © 2008 Springer-Verlag Berlin Heidelberg.
KSP Keywords
False negative rate, Identification rate, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Low false positive rate, Pattern match, Performance Overhead, Petri net(PN), Regular Expressions, Turing machines, vulnerability signature