Towards an Attack Signature Generation Framework for Intrusion Detection Systems

Title: Towards an Attack Signature Generation Framework for Intrusion Detection Systems
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Shahriar, H., Bond, W.
Conference Name: 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech)
Keywords: attack signature generation approach, attack signature generation framework, attack signatures, attacks, deployed web services, genetic algorithms, information leakage, organizations valuable information resources, privilege escalation, pubcrawl, resilience, Resiliency, Scalability, security of data, Servers, signature based defense, signature IDSs, Signature-based Intrusion Detection Systems, Simple object access protocol, SOAP injection, Tools, Weapons, web security testing tools, Web Service, web services, XML, XPath injection
Abstract: Attacks on web services are a major concern and can expose organizations' valuable information resources. Despite increasing awareness of secure programming, we still find vulnerabilities in web services. To protect deployed web services, it is important to have defense techniques. Signature-based Intrusion Detection Systems (IDS) have gained popularity for protecting applications against attacks. However, signature IDSs have a limited number of attack signatures. In this paper, we propose a Genetic Algorithm (GA)-based attack signature generation approach and show its application to web services. A GA is capable of generating new members from an initial population. We leverage this by generating new attack signatures at the SOAP message level to overcome the challenge of a limited number of attack signatures. The key contributions include defining chromosomes and fitness functions. The initial results show that the GA-based IDS can generate new signatures and complement the limitations of existing web security testing tools. The approach can generate new attack signatures for injection, privilege escalation, denial of service and information leakage.
Citation Key: shahriar_towards_2017