olemus
ründe liigile omane äratuntav tegevusmuster süsteemis, sageli ilmneb logides
ISO/IEC 27039:
ründe sooritamise arvutitoimingute või -muutuste jada, mis võimaldab avastada ründe toimumist; sageli tuvastatakse võrguliikluse või logide uurimisega
= sequence of computing activities or alterations that are used to execute an attack and which are also used by an IDPS to discover that an attack has occurred and often is determined by the examination of network traffic or host logs
Note. This can also be referred to as an attack pattern.

ülevaateid
https://wtit.com/f5-resources/f5-big-ip-asm-attack-signatures/
https://www.first.org/resources/papers/conference2006/kijewski-piotr-slides.pdf
https://romisatriawahono.net/lecture/rm/survey/network%20security/Kaur%20-%20Automatic%20Attack%20Signature%20Generation%20-%202013.pdf
https://www.broadcom.com/support/security-center/attacksignatures
https://docs.cloud.f5.com/docs-v2/platform/reference/attack-signatures