Automatic Signature Generation for Network Services through Selective Extraction of Anomalous Contents

Abstract

In this paper, a novel methodology for automatic signature generation is proposed. It is based on modelling the normal behaviour of a given network service, and identifying the contents that contribute the most to the anomalous classification of a given event. These contents are extracted to provide the anomaly with a “signature” for representing it. The promising experimental results obtained show that the proposed scheme can actively contribute to the usual hard task of creating signatures for new attacks, thus improving the general monitoring and security management of network environments.