- Overview
- Symposium Organizers
- Registration Information
- Registration Discounts
- At a Glance
- Calendar
- Technical Sessions
- Birds-of-a-Feather Sessions
- Poster Session
- Sponsorship
- Workshops
- Activities
- Hotel and Travel Information
- Services
- Students
- Questions
- Help Promote!
- Flyer PDF
- For Participants
- Call for Papers
- Past Symposia
sponsors
usenix conference policies
You are here
MetaSymploit: Day-One Defense against Script-based Attacks with Security-Enhanced Symbolic Analysis
Ruowen Wang, Peng Ning, Tao Xie, and Quan Chen, North Carolina State University
A script-based attack framework is a new type of cyberattack tool written in scripting languages. It carries various attack scripts targeting vulnerabilities across different systems. It also supports fast development of new attack scripts that can even exploit zero-day vulnerabilities. Such mechanisms pose a big challenge to the defense side since traditional malware analysis cannot catch up with the emerging speed of new attack scripts. In this paper, we propose MetaSymploit, the first system of fast attack script analysis and automatic signature generation for a network Intrusion Detection System (IDS). As soon as a new attack script is developed and distributed, MetaSymploit uses security-enhanced symbolic execution to quickly analyze the script and automatically generate specific IDS signatures to defend against all possible attacks launched by this new script from Day One. We implement a prototype of MetaSymploit targeting Metasploit, the most popular penetration framework. In the experiments on 45 real attack scripts, MetaSymploit automatically generates Snort IDS rules as signatures that effectively detect the attacks launched by the 45 scripts. Furthermore, the results show that MetaSymploit substantially complements and improves existing Snort rules that are manually written by the official Snort team.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Ruowen Wang and Peng Ning and Tao Xie and Quan Chen},
title = {{MetaSymploit}: {Day-One} Defense against Script-based Attacks with {Security-Enhanced} Symbolic Analysis},
booktitle = {22nd USENIX Security Symposium (USENIX Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {65--80},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/papers/wang},
publisher = {USENIX Association},
month = aug
}
connect with us