|Title:||Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration|
|Authors:||Juan Caballero, Zhenkai Liang, Pongsin Poosankam, Dawn Song|
|Publication Date:||June 24, 2008|
Signature-based input filtering is an important and widely-deployed defense. But current signature generation methods have limited coverage and the generated signatures can be easily evaded by an attacker with small variations of the exploit message. In this paper, we propose protocol-level constraint-guided exploration, a new approach towards generating high coverage vulnerability-based signatures. In particular, our approach generates high coverage, yet compact, vulnerability point reachability predicates, which capture many paths to the vulnerability point. We have implemented Endeavor, a system that uses our approach. The results show that our signatures have high coverage (i.e., optimal or close to optimal in our experiments) -- and are small (i.e., often human readable) -- offering dramatic improvements over previous approaches.
Full Report: CMU-CyLab-08-009