Polygraph is a tool designed to generate attack signatures from a corpus of data. The idea is to generate the signature of an attack quickly and automatically, which is useful for worm detection, for instance. It is the work of James Newsome, Brad Karp, and Dawn Song. Since then, many “anti-polygraph” papers have been published; in particular, Allergy attacks (S. Chung and K. Mok) are very interesting. However, it is very nice and stimulating to have a publicly available tool to test ideas.
The paper (PDF version) that details this tool was presented at S&P 2005.
The Polygraph source code can be downloaded here.

