Colloquium Details

Automatic Signature Generation for Unknown Vulnerabilities

Author: Weidong Cui, Microsoft Research
Date: April 03, 2008
Time: 15:30
Location: 220 Deschutes
Host: Jun Li

Abstract

In this talk, I will present a new approach for automatically generating a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. Our approach is based on two systems we developed: Tupni and ShieldGen. Tupni takes one or more input instances and reverse engineers their format by analyzing how an application parses and processes them. Its reverse-engineered format has a rich set of information, including record sequences, record types and input constraints. We have implemented a prototype of Tupni and demonstrated that it can effectively reverse engineer 10 common, real-world file and network message formats. ShieldGen can generate a vulnerability signature for an unknown vulnerability, given a zero-day attack instance and its format. The key novelty of ShieldGen is that it leverages knowledge of the input format to generate new potential attack instances, uses a zero-day detector as an oracle to determine if an instance can still exploit the vulnerability, and then takes the feedback of the oracle to guide its search for the vulnerability signature. We have implemented a prototype of ShieldGen and used it to generate high-quality vulnerability signatures for three real-world vulnerabilities. By feeding the input format generated by Tupni to ShieldGen, we can automatically generate a vulnerability signature even when the format of the attack instance is unknown. We have integrated Tupni with ShieldGen and demonstrated that we can automatically generate the vulnerability signature for a real-world WMF vulnerability given a single malicious WMF file.
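The oracle-guided search described in the abstract, as an added sketch that is not code from the talk or from ShieldGen. The toy format, field names, the stand-in oracle and the one-field-at-a-time probing strategy are all assumptions, and the sketch assumes the constraints on different fields are independent.

```python
# Added illustration: format, oracle and seed instance are constructed here.
FORMAT = {  # field -> values a format-aware prober may substitute (assumed)
    "magic": [0xABCD, 0x0000],
    "rec_type": [0x07, 0x08, 0x09],
    "length": list(range(0, 65)),
    "flags": [0, 1, 2, 3],
}

def oracle(msg):
    """Stand-in for the zero-day detector: True if msg still triggers the bug.
    Toy bug: record type 0x07 copies `length` bytes into a 16-byte buffer."""
    return (msg["magic"] == 0xABCD and msg["rec_type"] == 0x07
            and msg["length"] > 16)

def generate_signature(attack, fmt, oracle):
    """Probe one field at a time and keep the values the oracle still flags."""
    if not oracle(attack):
        raise ValueError("seed instance does not trigger the oracle")
    signature = {}
    for field, domain in fmt.items():
        # New candidate instances: the seed with a single field replaced.
        ok = {v for v in domain if oracle({**attack, field: v})}
        ok.add(attack[field])
        if ok != set(domain):      # some values defuse the attack: constrain
            signature[field] = ok
    return signature               # fields left out are "don't care"

def matches(signature, msg):
    """True if msg satisfies every field constraint in the signature."""
    return all(msg[f] in allowed for f, allowed in signature.items())

ATTACK = {"magic": 0xABCD, "rec_type": 0x07, "length": 40, "flags": 1}
SIG = generate_signature(ATTACK, FORMAT, oracle)

if __name__ == "__main__":
    for field, allowed in SIG.items():
        print(field, "->", len(allowed), "allowed value(s)")
    variant = {**ATTACK, "length": 17, "flags": 3}  # differs from the seed
    benign = {**ATTACK, "length": 16}               # fits the toy buffer
    print(matches(SIG, variant), matches(SIG, benign))
```

The resulting signature constrains only the fields whose values matter to the oracle, so it matches variants that differ from the seed instance in "don't care" fields while rejecting inputs that stay within the toy buffer.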

Biography

Weidong Cui is a researcher in the research interests lie in the areas of systems and networking security. He received his Ph.D. in Electrical Engineering and Computer Sciences (2006) and his M.S. in Computer Science (2003) from the University of California, Berkeley, and his M.E. (2000) and B.E. (1998) in Electronic Engineering from Tsinghua University in Beijing, China.