FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Automated Extraction of Threat Signatures from Network Flows







Platinum Sponsor

BT



Silver Sponsor

Diageo



Local Host

CERT Coordination Center



Supporting Sponsors

Sun



Google



Hitachi



ISS



E-Secure-IT

Korea CertCC



Conference Schedule

Technical Track

Wednesday – June 28th, 14:30

The paper describes methods of automated threat signature generation from network flows. These methods are being implemented as part of the CERT Polska early warning ARAKIS project, and the paper is a follow up to the ARAKIS talk given at the FIRST 2004 Budapest conference. The paper identifies what constitutes a good signature for use in IDS/IPS systems, presents an architecture of the signature extraction system, describes various signature extraction techniques, including our own proposal and presents some results. The level of technical detail is medium. Targeted at an audience with security experience, in particular, knowledge of the underlying principles of intrusion detection and honeynets is helpful.

Authors & presenters

  • PLPiotr Kijewski Presenter (CERT POLSKA – Research and Academic Computer Network in Poland, PL)


Conference Schedule