This is interesting, when I started to read about signature-based intrusion detection systems, I thought that signatures were created by using patterns from the exploit. However, as I noticed in a previous entry and learned from the post below (that I found via TaoSecurity), this is not the case.
Errata Security: ANI 0day vs. intrusion detection providers
Errata Security: ANI 0day vs. intrusion detection providers
signatures are usually based on vulnerabilities rather than exploitsThis means that learning systems, like Polygraph, that generates signatures from exploits are not automating the signature generation properly. Though, they are able to block worms exploiting unknown vulnerabilities.
No comments:
Post a Comment