View article

As research in automatic signature generators (ASGs) receives more attention, various attacks against these systems are being identified. One of these attacks is the “allergy attack” which induces the target ASG into generating harmful signatures to filter out normal traffic at the perimeter defense, resulting in a DoS against the protected network. It is tempting to attribute the success of allergy attacks to a failure in not checking the generated signatures against a corpus of known “normal” traffic, as suggested by some researchers. In this paper, we argue that the problem is more fundamental in nature; the alleged “solution” is not effective against allergy attacks as long as the normal traffic exhibits certain characteristics that are commonly found in reality. We have come up with two advanced allergy attacks that cannot be stopped by a corpus-based defense. We also propose a page-rank-based metric for …