View Full Document


Unformatted text preview:

Improving Signature Testing Through Dynamic Data Flow Analysis Christopher Kruegel Technical University Vienna chris auto tuwien ac at Davide Balzarotti William Robertson Giovanni Vigna University of California Santa Barbara balzarot wkr vigna cs ucsb edu Abstract The effectiveness and precision of network based intrusion detection signatures can be evaluated either by direct analysis of the signatures if they are available or by using black box testing if the system is closed source Recently several techniques have been proposed to generate test cases by automatically deriving variations or mutations of attacks Even though these techniques have been useful in identifying blind spots in the signatures of closed source network based intrusion detection systems the generation of test cases is performed in a random unguided fashion The reason is that there is no information available about the signatures to be tested As a result identifying a test case that is able to evade detection is difficult In this paper we propose a novel approach to drive the generation of test cases by using the information gathered by analyzing the dynamic behavior of the intrusion detection system Our approach applies dynamic data flow analysis techniques to the intrusion detection system to identify which parts of a network stream are used to detect an attack and how these parts are matched by a signature The result of our analysis is a set of constraints that is used to guide the black box testing process so that the mutations are applied to only those parts of the attack that are relevant for detection By doing this we are able to perform a more focused generation of the test cases and improve the process of identifying an attack variation that evades detection 1 Introduction Intrusion detection systems IDSs can be broadly divided into two classes those that rely on models of normal behavior and detect deviations from these models i e anomaly based systems and those that contain

Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...

Join to view Testing Through Dynamic Data and access 3M+ class-specific study document.

We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Testing Through Dynamic Data and access 3M+ class-specific study document.


By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?