The aim of this research is to analyze various automated signature generation approaches that cater to the generation of efficient signatures for polymorphic worms and network attacks. Automated signature generation algorithms help generate signatures for intrusion detection systems on the fly, to combat zero-day network attacks for which no signatures are yet available. Polymorphic worms and network attacks deliberately change their payloads frequently to bypass IDS signature detection. To detect these types of attacks, either heuristic detection must be combined with rule-based detection, or an algorithm must be implemented that generates signatures for polymorphic attacks. This deliverable provides an assessment of the feasibility of the following approaches, and of their practical implementation, for generating efficient signatures on high-traffic networks.
Signature generation without detecting attacks
1. Honeycomb
2. Polygraph
3. Earlybird
4. Nemean, etc.
The above category focuses on generating signatures from malicious as well as innocuous network data, without prior knowledge of the attack. Network sensors are placed on central nodes or routers, where they monitor every packet passing through.
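As an added illustration of this category (not code from the deliverable or from any of the listed tools), the following simplified Polygraph-style generator derives a conjunction signature from a pool of suspicious flows and a pool of innocuous flows: substrings that are invariant across every suspicious flow are kept only if they never appear in the innocuous pool, so the variable filler of a polymorphic payload is ignored and common protocol fragments are pruned. All sample flows are constructed for the example.

```python
"""Simplified Polygraph-style conjunction signature generation (added example).

Suspicious flows are assumed to be variants of one polymorphic attack; the
innocuous pool is normal traffic. Tokens invariant across all suspicious flows
and absent from the innocuous pool form a conjunction signature: a flow matches
only if every token is present. All sample flows below are constructed.
"""

MIN_TOKEN_LEN = 4

# Constructed sample traffic (hypothetical, not captured data): a fixed request
# prefix, a variable filler region and a fixed suffix.
SUSPICIOUS = [
    b"GET /cgi-bin/app?x=AAAAAAAAAAAA\xfe\xedEND HTTP/1.0",
    b"GET /cgi-bin/app?x=BBBBBBBB\xfe\xedEND HTTP/1.0",
    b"GET /cgi-bin/app?x=CCCCCCCCCCCCCC\xfe\xedEND HTTP/1.0",
]
INNOCUOUS = [
    b"GET /cgi-bin/search?q=printer HTTP/1.0",
    b"GET /index.html HTTP/1.0",
]

def common_substrings(flows, min_len=MIN_TOKEN_LEN):
    """Substrings of length >= min_len that occur in every flow."""
    if not flows:
        return set()
    shortest = min(flows, key=len)  # every common substring lies inside it
    found = set()
    for start in range(len(shortest)):
        for end in range(start + min_len, len(shortest) + 1):
            sub = shortest[start:end]
            if all(sub in f for f in flows):
                found.add(sub)
    return found

def generate_signature(suspicious, innocuous, min_len=MIN_TOKEN_LEN):
    """Sorted maximal invariant tokens that never occur in innocuous traffic."""
    tokens = common_substrings(suspicious, min_len)
    # Prune tokens also present in normal traffic: they would only cause false positives.
    tokens = {t for t in tokens if not any(t in f for f in innocuous)}
    # Keep only maximal tokens; shorter pieces of a kept token add no specificity.
    return sorted(t for t in tokens if not any(t != u and t in u for u in tokens))

def matches(signature, flow):
    """Conjunction match: every token must appear somewhere in the flow."""
    return bool(signature) and all(t in flow for t in signature)
```

On the sample pools the generator yields two tokens, the request prefix and the fixed suffix, and a fresh variant with a different filler still matches while the innocuous requests do not.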