An Automated Signature Generation Approach for Polymorphic Worms Using Factor Analysis

Authors

  • Mohssen M. Z. E. Mohammed
  • H. Anthony Chan
  • Neco Ventura
  • Mohsin Hashim
  • Izzeldin Amin
Abstract

Internet worms pose a major threat to Internet infrastructure security, and the destruction they cause will be truly costly. Therefore, networks must be protected as much as possible against such attacks. In this paper we propose an automatic and accurate system for generating signatures for unknown polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Factor Analysis to determine the most significant substrings that are shared among polymorphic worm instances and use them as signatures. The system is able to generate accurate signatures for polymorphic worms.


Similar resources

PolyS: Network-based Signature Generation for Zero-day Polymorphic Worms

With the growing sophistication of computer worms, it is very important to detect and prevent worms quickly and accurately in their early phase of infection. Traditional signature-based IDS, though effective for known attacks, failed to handle zero-day attacks promptly. Recent work on polymorphic worms does not guarantee accurate signatures in the presence of noise in suspicious flow samples....


Honeypot-based Signature Generation for Polymorphic Worms

With the growing sophistication of computer worms, information security has become a prime concern for individuals, communities and organizations. Traditional signature-based IDS, though effective for known attacks, failed to handle unknown attacks promptly. This paper describes a novel honeypot system which isolates the suspicious traffic from normal traffic, and captures most useful inform...


Survey of Polymorphic Worm Signatures

Worms are self-replicating, fast-moving malicious code, capable of spreading without human interaction. They are a weapon of choice for those who like to launch destructive attacks on a network or the Internet as a whole. Recently, more sophisticated worms have emerged, such as polymorphic worms, which vary their payload in every infection attempt. Polymorphic worms have more than one mutated i...


Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms

In this paper, we propose Simplified Regular Expression (SRE) signature, which uses multiple sequence alignment techniques, drawn from bioinformatics, in a novel approach to generating more accurate exploit-based signatures. We also provide formal definitions of what is "a more specific" and what is "the most specific" signature for a polymorphic worm and show that the most specific exploit...


Generating Simplified Regular Expression Signatures for Polymorphic Worms

It is crucial to automatically generate accurate and effective signatures to defend against polymorphic worms. Previous work using conjunctions of tokens or token subsequences could lose some important information, such as ignoring 1-byte tokens and neglecting the distances between sequential tokens. In this paper we propose the Simplified Regular Expression (SRE) signature, and present its signatur...



Journal title:

Volume   Issue 

Pages  -

Publication date 2011