Abstract
The poster will be a presentation
of an intrusion detection tool developed in Java. This tool utilizes a
previously implemented skeleton called AEGIS written in the Java programming
language to auto-generate rules for an IDS (Intrusion Detection System) called
Snort. AEGIS is a vulnerability analysis
toolkit developed by members of Dr. Shambhu Upadhyaya’s research team of
SUNY University at Buffalo. It
was created in an effort to protect against zero-day exploits. A zero-day
exploit is a computer or network attack that tries to take advantage of an
unpatched vulnerability. When a bug is made known to the public, a zero-day
exploit will attack its target until a patch is released for it, typically
damaging much of the system before the patch is released. The tool’s three
essential components are vulnerability aggregation, service identification, and
policy-based rule generation. The tool visits different vulnerability-listing
websites on the World Wide Web such as Secunia or the National Vulnerability Database,
parses through the site to organize vulnerabilities in a uniform manner, and
creates Snort rules for these vulnerabilities.
The submitted poster will display a
timeline representing the evolution of the AEGIS tool from the beginning of the
summer research session until the present day and include facts about its main
components. It will discuss the concept of zero-day exploits. Another one of
its major points will be a comparison chart explaining the criteria used from
the aggregated vulnerabilities to automatically generate unique IDS signatures.
It will also contain information regarding the databases used for the project
(Secunia Vulnerability Database, National Vulnerability Database, Internet
Assigned Numbers Authority).