A signature is
|“||[a] recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.||”|
|“||specific machine readable patterns of network traffic that affect the integrity, confidentiality, or availability of computer networks, systems, and information.||”|
A signature is
|“||[a] distinctive characteristic or set of characteristics that consistently recurs and identifies a piece of equipment, material, activity, individual, or event such as a radio frequency or acoustic characteristics.||”|
A signature "includes a mark when the person making the same intended it as such."
Signatures are based upon indicators of known or suspected cyber threats. Signatures are specific patterns of network traffic that affect the integrity, confidentiality, or availability of computer networks, systems, and information. For example, a specific signature might identify a known computer virus that is designed to delete files from a computer without authorization. Signatures may contain instructions to copy pre-defined portions of the participating agency’s traffic associated with such cyber threats. Alerts from signatures contain descriptive information about the cyber threats identified by the signature.
- NIST Special Publication 800-61 (rev. 2), Glossary, at C-1.
- Privacy Impact Assessment for EINSTEIN 3-Accelerated (E3A), at 3 n.4.
- DoD Directive 5250.01, Glossary, at 13.
- 1 U.S.C. §1.
- Department of Homeland Security, Privacy Impact Assessment for the Initiative Three Exercise 7 (Mar. 18, 2010) (full-text).