An Architecture for Generating Semantic Aware Signatures

Abstract: 

Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of intrusion signatures from honeynet packet traces. Our architecture is distinguished by its emphasis on a modular design framework that encourages independent development and modification of system components and protocol semantics awareness which allows for construction of signatures that greatly reduce false alarms. The building blocks of our architecture include transport and service normalization, intrusion profile clustering and automata learning that generates connection and session aware signatures. We demonstrate the potential of Nemean's semantics-aware, resilient signatures through a prototype implementation. We use two datasets to evaluate the system: (i) a production dataset for false-alarm evaluation and (ii) a honeynet dataset for measuring detection rates. Signatures generated by Nemean for NetBIOS exploits had a 0% false-positive rate and a 0.04% false-negative rate.

Vinod Yegneswaran, University of Wisconsin, Madison

Jonathon T. Giffin, University of Wisconsin, Madison

Paul Barford, University of Wisconsin, Madison

Somesh Jha, University of Wisconsin, Madison

BibTeX
@inproceedings {269255,
author = {Vinod Yegneswaran and Jonathon T. Giffin and Paul Barford and Somesh Jha},
title = {An Architecture for Generating Semantic Aware Signatures},
booktitle = {14th USENIX Security Symposium (USENIX Security 05)},
year = {2005},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/14th-usenix-security-symposium/architecture-generating-semantic-aware-signatures},
publisher = {USENIX Association},
month = jul
}

Links

Paper: 
http://usenix.org/publications/library/proceedings/sec05/tech/full_papers/yegneswaran/yegneswaran.pdf
Paper (HTML): 
http://usenix.org/publications/library/proceedings/sec05/tech/full_papers/yegneswaran/yegneswaran_html/index.html