TY - GEN
T1 - Towards automatically generating double-free vulnerability signatures using Petri nets
AU - Iwahashi, Ryan
AU - De Oliveira, Daniela A.S.
AU - Wu, S. Felix
AU - Crandall, Jedidiah R.
AU - Heo, Young Jun
AU - Oh, Jin Tae
AU - Jang, Jong Soo
PY - 2008
Y1 - 2008
N2 - With the increased popularity of polymorphic and register spring attacks, intrusion detection systems (IDS) can no longer rely only on exploit signatures. Vulnerability signatures that pattern match based on properties of the vulnerability instead of the exploit should be employed. Recent research has proposed three classes of vulnerability signatures, but that approach cannot address complex vulnerabilities such as the ASN.1 Double-Free. Here we introduce Petri nets as a new class of vulnerability signature that could potentially be used to detect other types of vulnerabilities. Petri nets can be automatically generated and are represented as graphs, making them easier to understand and debug. We analyzed them alongside the three other classes of vulnerability signatures in relation to the Windows ASN.1 vulnerability. The results were very promising due to the very low false positive rate and 0% false negative rate. We have shown that Petri nets are a very efficient, concise, and effective way of describing signatures (both vulnerability and exploit). They are more powerful than regular expressions and still efficient enough to be practical. Compared with the other classes, only Turing machines provided a better identification rate, but they incur significant performance overhead.
UR - http://www.scopus.com/inward/record.url?scp=56849104490&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=56849104490&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-85886-7_8
DO - 10.1007/978-3-540-85886-7_8
M3 - Conference contribution
AN - SCOPUS:56849104490
SN - 3540858849
SN - 9783540858843
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 114
EP - 130
BT - Information Security - 11th International Conference, ISC 2008, Proceedings
T2 - 11th International Conference on Information Security, ISC 2008
Y2 - 15 September 2008 through 18 September 2008
ER -