Zero-Day Signature Extraction for High-Volume Attacks
About the Project
Joint work with Tel-Aviv University professor Anat Bremler-Barr and PhD student Shir Landau Feibish.
We have developed a basic tool for zero-day attack signature extraction. Given two large sets of messages, P, the messages captured in the network at peacetime, and A, the messages captured during attack time, the tool extracts a set S of strings that are frequently found in A but not in P; matching packets against S then identifies the attack traffic. This is an important building block for protecting sites on the Internet from worm attacks and distributed denial of service attacks, and it may also be useful for other problems, including command and control identification and DNA sequence analysis. The main contributions of the paper are the system we developed to extract the required signatures, the definition of the string heavy hitters problem, and an algorithm for solving it. Using our system, a previously unknown attack can be detected and stopped within minutes of attack start time.
Zero-Day Signature Extraction for High-Volume Attacks. IEEE/ACM Trans. Netw. 27(2): 691-706 (2019)