


Sep 19

Polygraph: Automatically generating signatures for polymorphic worms (tool)

Polygraph is a tool designed to generate attack signatures from a corpus of data. The idea is to be able to generate the signature of an attack quickly and automatically. This is useful for worm detection, for instance. This is a work by James Newsome, Brad Karp, and Dawn Song. Since then many “anti-polygraph” papers have been published. In particular, Allergy attacks (S. Chung and K. Mok) are very interesting. However, it is very nice and stimulating to have a publicly available tool to test ideas.

The paper (PDF version) that details this tool was presented at S&P 2005.

The Polygraph source code can be downloaded here

Jul 23

Using Simple Per-Hop Capacity Metrics to Discover Link Layer Network Topology

This paper introduces a methodology to perform link layer network mapping. As far as I know this is the most generic method to do so. It relies on Variable Packet Size (VPS) capacity to infer the number of switches present on the network. It is nice because it does not require switches to have SNMP agents. This method does not work on network devices other than store-and-forward switches, such as hubs for instance. The paper provides links to various implementations that use the VPS discovery algorithm. This paper is part of the PAM 2005 workshop and was written by Shane Alcock (University of Waikato), Anthony McGregor (University of Waikato), and Richard Nelson (University of Waikato).

Using Simple Per-Hop Capacity Metrics to Discover Link Layer Network Topology (pdf version)