Re: automatic signature generation
- From: Jose Nazario <jose@xxxxxxxxxx>
- Date: Thu, 24 May 2007 11:08:41 -0400 (EDT)
have a look at tools like:
netsift www.netsift.net/ -- now a part of cisco, but check out
their technology.
honeycomb - www.icir.org/christian/honeycomb/index.html
uses suffix trees to evaluate honeypot dat to build signatures.
in short its been done, there's some room for improvement (via hueristics and better speedups via algorithms), but it's proven to work.
________
jose nazario, ph.d. jose@xxxxxxxxxx
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- RE: automatic signature generation
- From: Oleg Kolesnikov x 133
- RE: automatic signature generation
- References:
- automatic signature generation
- From: Sanjay R
- Re: automatic signature generation
- From: Tim
- automatic signature generation
- Prev by Date: Re: automatic signature generation
- Next by Date: Detecting covert data channels?
- Previous by thread: Re: automatic signature generation
- Next by thread: RE: automatic signature generation
- Index(es):
Relevant Pages
|
Loading
