Allergy Attack Against Automatic Signature Generation

  • Simon P. Chung
  • Aloysius K. Mok
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4219)

Abstract

Research in systems that automatically generate signatures to filter out zero-day worm instances at perimeter defense has received a lot of attention recently. While a well-known problem with these systems is that the signatures generated are usually not very useful against polymorphic worms, we shall in this paper investigate a different, and potentially more serious, problem facing automatic signature generation systems: attacks that manipulate the signature generation system and turn it into an active agent for a DoS attack against the protected system. We call this new attack the “allergy attack”. This type of attack should be anticipated and has in fact been an issue in the context of “detraining” in machine learning. However, we have not seen a demonstration of its practical impact in real intrusion detection/prevention systems. In this paper, we shall demonstrate the practical impact of “allergy attacks”.

Keywords

  • Automatic Signature Generation
  • Adaptive Response
  • Intrusion Prevention

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Simon P. Chung (1)
  • Aloysius K. Mok (1)
  1. Department of Computer Sciences, University of Texas at Austin, Austin, USA
