从污染图自动多步签名派生

M. Ussath, Feng Cheng, C. Meinel
{"title":"从污染图自动多步签名派生","authors":"M. Ussath, Feng Cheng, C. Meinel","doi":"10.1109/SSCI.2016.7850076","DOIUrl":null,"url":null,"abstract":"An increasing number of attacks use advanced tactics, techniques and methods to compromise target systems and environments. Such multi-step attacks are often able to bypass existing prevention and detection systems, such as Intrusion Detection Systems (IDSs), firewalls and anti-virus solutions. These security systems either use an anomaly-based or a signature-based detection approach. For systems that utilize a signature-based approach, it is relevant to use precise detection signatures to identify attacks. The creation of signatures is often complex and time consuming, especially for multi-step attacks. In this paper, we propose a signature derivation approach that automatically creates multi-step detection signatures from taint graphs. The approach uses the recorded log events of an attack and the event attribute tainting approach to correlate the events and to create a taint graph. This graph, which provides comprehensive details about the attack, is then used to derive a precise multi-step detection signature. Therewith, this approach can reduce the needed time to create a multi-step signature as well as the complexity of this process. For the evaluation of the proposed approach, we simulated a multi-step attack with real world attack tools and methods. Based on the recorded log events and the implemented signature derivation system we automatically derived a multi-step detection signature that describes all relevant events and their relations.","PeriodicalId":120288,"journal":{"name":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Automatic multi-step signature derivation from taint graphs\",\"authors\":\"M. Ussath, Feng Cheng, C. Meinel\",\"doi\":\"10.1109/SSCI.2016.7850076\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"An increasing number of attacks use advanced tactics, techniques and methods to compromise target systems and environments. Such multi-step attacks are often able to bypass existing prevention and detection systems, such as Intrusion Detection Systems (IDSs), firewalls and anti-virus solutions. These security systems either use an anomaly-based or a signature-based detection approach. For systems that utilize a signature-based approach, it is relevant to use precise detection signatures to identify attacks. The creation of signatures is often complex and time consuming, especially for multi-step attacks. In this paper, we propose a signature derivation approach that automatically creates multi-step detection signatures from taint graphs. The approach uses the recorded log events of an attack and the event attribute tainting approach to correlate the events and to create a taint graph. This graph, which provides comprehensive details about the attack, is then used to derive a precise multi-step detection signature. Therewith, this approach can reduce the needed time to create a multi-step signature as well as the complexity of this process. For the evaluation of the proposed approach, we simulated a multi-step attack with real world attack tools and methods. Based on the recorded log events and the implemented signature derivation system we automatically derived a multi-step detection signature that describes all relevant events and their relations.\",\"PeriodicalId\":120288,\"journal\":{\"name\":\"2016 IEEE Symposium Series on Computational Intelligence (SSCI)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Symposium Series on Computational Intelligence (SSCI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SSCI.2016.7850076\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSCI.2016.7850076","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6

摘要

越来越多的攻击使用先进的战术、技术和方法来破坏目标系统和环境。这种多步骤攻击通常能够绕过现有的防御和检测系统,例如入侵检测系统(ids)、防火墙和反病毒解决方案。这些安全系统要么使用基于异常的检测方法,要么使用基于签名的检测方法。对于使用基于签名的方法的系统,使用精确的检测签名来识别攻击是相关的。签名的创建通常是复杂和耗时的,特别是对于多步骤攻击。本文提出了一种从污染图中自动生成多步检测签名的签名派生方法。该方法使用记录的攻击日志事件和事件属性污染方法来关联事件并创建污染图。此图提供了有关攻击的全面细节,然后用于派生精确的多步骤检测签名。因此,该方法可以减少创建多步签名所需的时间,并降低该过程的复杂性。为了评估所提出的方法,我们用真实世界的攻击工具和方法模拟了一个多步骤攻击。基于所记录的日志事件和实现的签名派生系统,自动生成了描述所有相关事件及其关系的多步检测签名。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Automatic multi-step signature derivation from taint graphs
An increasing number of attacks use advanced tactics, techniques and methods to compromise target systems and environments. Such multi-step attacks are often able to bypass existing prevention and detection systems, such as Intrusion Detection Systems (IDSs), firewalls and anti-virus solutions. These security systems either use an anomaly-based or a signature-based detection approach. For systems that utilize a signature-based approach, it is relevant to use precise detection signatures to identify attacks. The creation of signatures is often complex and time consuming, especially for multi-step attacks. In this paper, we propose a signature derivation approach that automatically creates multi-step detection signatures from taint graphs. The approach uses the recorded log events of an attack and the event attribute tainting approach to correlate the events and to create a taint graph. This graph, which provides comprehensive details about the attack, is then used to derive a precise multi-step detection signature. Therewith, this approach can reduce the needed time to create a multi-step signature as well as the complexity of this process. For the evaluation of the proposed approach, we simulated a multi-step attack with real world attack tools and methods. Based on the recorded log events and the implemented signature derivation system we automatically derived a multi-step detection signature that describes all relevant events and their relations.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信