Colloquia: Dawn Song/Carnegie Mellon University ECE & CS Towards Automatic Generation of Vulnerability Signatures TAY 3.128

Contact Name: 
Jenna Whitney
Nov 27, 2006 10:00am - 11:00am

There is a signup schedule for this event.

Type of Talk: Co


Speaker Name: Dawn Song

Speaker Affiliation: Carneg

ie Mellon University ECE & CS

Date: Monday November 27 2006

br>Start Time: 10:00 a.m.

Location: TAY 3.128

Host: CIAS &

Talk Title: Towards Automatic Generation of Vulnerabilit

y Signatures

Talk Abstract:
Content-based filtering using attack

signatures is a widely-adopted defense mechansim against worm attacks and o

ther malware attacks. However so far the core of this defense mechanism

signature generation has largely been a manual process which can be slow
tedious inaccurate and have fundamental limitations to scalability and c

omplexity. In this talk I will present our recent works towards automatic

generation of worm signatures.

I will first talk about pattern-extra

ction based signature generation where we use machine learning techniques t

o extract distinguishing features of attack packets to create signatures. I
will then talk about some of the fundamental limitations of such pattern-e

xtraction based approach in defending against polymorphic attacks and other
malicious attacks. Finally I will introduce our new approach language-b

ased methods for automatic generation of vulnerability signatures. A vulne

rability signature matches all exploits of a given vulnerability even poly

morphic or metamorphic variants. We propose new techniques using data-flow
analysis and constraint solving for automatically generating vulnerability
signatures. Our experiments show that we can automatically generate a vuln

erability signature using a single exploit which is of much higher quality

than previous approaches demonstrating our approach is a promising directi

on towards automatic generation of worm signatures. Finally our techniques
have wide applicability beyond signature generation and I will give some

example applications including application dialogue replay.


Dawn Song is an Assistant Professor at Carnegie Mellon University.

She obtained her PhD in Computer Science from UC Berkeley. Her research int

erest lies in security and privacy issues in computer systems and networks.
She is the author of more than 35 research papers in areas ranging from so

ftware security networking security database security distributed system

s security to applied cryptography. She is the recipient of various awards
and grants including the NSF CAREER Award and the IBM Faculty Award. She h

as served on numerous program committees of prestigious conferences includi

ng Symposium on Operating Systems Design and Implementation (OSDI) ACM Com

puter and Communication Security (CCS) USENIX Security Symposium Network

and Distributed Systems Security Symposium (NDSS) USENIX Annual Technical

Conference Symposium on Recent Advance in Intrusion Detection (RAID) IEEE
Infocom ACM Sensor Networks and Systems Conference (SenSys).