An attack signature is
- "[a]ctivities or alterations to an IS indicating an attack or attempted attack, detectable by examination of audit trail logs."
- "[a] characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities."
- ↑ NIST Special Publication 800-12.
- ↑ Practices for Securing Critical Information Assets, Glossary, at 51.