Technical Track
The paper describes methods of automated threat signature generation from network flows. These methods are being implemented as part of the CERT Polska early warning ARAKIS project, and the paper is a follow-up to the ARAKIS talk given at the FIRST 2004 Budapest conference. The paper identifies what constitutes a good signature for use in IDS/IPS systems, presents an architecture of the signature extraction system, describes various signature extraction techniques, including our own proposal, and presents some results. The level of technical detail is medium. The paper is targeted at an audience with security experience; in particular, knowledge of the underlying principles of intrusion detection and honeynets is helpful.
http://www.first.org/conference/2006/papers/kijewski-piotr-slides.pdf
Type: Slides
Format: application/pdf
Last updated: May 18, 2006
Size: 1.09 Mb
http://www.first.org/conference/2006/papers/kijewski-piotr-slides.pdf
Type: Slides
Format: application/pdf
Last updated: July 12, 2006
Size: 1.09 Mb
http://www.first.org/conference/2006/papers/kijewski-piotr-papers.pdf
Type: Paper
Format: application/pdf
Last updated: July 12, 2006
Size: 140 Kb
Authors & presenters
Piotr Kijewski (CERT POLSKA Research and Academic Computer Network in Poland, PL)