GOVCERT.NL Symposium 2008. 16 & 17 September - World Trade Center Rotterdam
How Sustainable is Your Security?
Tillmann Werner, Security Engineer, CERT-Bund

Tillmann works as an incident handler at the German national CERT. He is a developer at mwcollect.org, a member of the Honeynet Project, and has been doing research in the area of network-based attacks for more than 5 years. Tillmann is currently experimenting with automated intrusion signature generation and has never attended an XML or Java class in his life!

Intrusion Signature Generation
Tuesday 16 September, 14:40-15:25, Penn Room

Networks can be monitored with a variety of tools, and signature-based intrusion detection systems are a state-of-the-art technology for identifying malicious activity. However, an intrusion attempt can only be identified if an appropriate pattern exists, and attack trends now change so quickly that manual signature engineering cannot keep up. The presentation addresses this issue and describes the nebula framework, which implements a novel concept for automatic signature generation based on efficient automatic attack classification. Signatures are constructed for each class from syntactical commonalities. The presentation explains that syntactical patterns are sufficient for identifying previously unknown attack types and demonstrates how nebula was able to generate valid signatures for 0day attacks without any further knowledge. It also covers how nebula could help during attack analysis and explains how to build self-defending networks based on automatic signature generation.
