Network Security Model for Attack Signature Generation Tracking and Analysis

Abstract

With the rapid growth of networks and Internet, security has become a big area of concern. The risk to the network resources is increasing day by day with the fast growing trends in attacks and intrusions. Despite current detection measures in place, timely discovery of novel attacks is still a critical issue. Intrusion Detection System (IDS) is a well known network security mechanism. IDS may use anomaly based or misuse based approach for detection of intrusions. Signature based technique is the most popular way of misuse detection. Most of IDS use signature based detection as it has low false alarm rate. But, on the contrary there is a big problem with this technique that it cannot detect unknown attacks whose signatures are not stored in their databases. Signature updating is generally a manual process and is a great overhead. Automated signature generation for Intrusion Detection Systems for proactive security of networks has been an emerging area of research. There are many solutions available in literature as proposed by various researchers. But still there is a need to address this problem as the intensity and sophistication of exploits and attacks are increasing exponentially by each passing day. After an extensive review of literature about current security solutions and various mechanisms, a need for automatic signature generation of HTTP and SMTP attacks has been identified. The work carried out in this thesis is focused on attack detection and signature generation of unknown attacks. For the accomplishment of proposed objectives, a proactive hybrid framework, HIDESIGN (Hybrid Intrusion DEtector and SIGNature generator), for attack detection and signature generation has been designed, implemented and tested. This thesis has been organized into six chapters.