ERES: an extended regular expression signature for polymorphic worm detection

Authors: Razieh Eskandari, Mahdi Shajari, Mojtaba Mostafavi Ghahfarokhi

DOI: 10.1007/S11416-019-00330-1

Keywords: Computer science, Regular expression, Security token, Signature (logic), Face (geometry), The Internet, Noise tolerance, Process (computing), Algorithm, Set (abstract data type)

Abstract: The rapid spread of modern, sophisticated polymorphic worms poses a serious threat to Internet security. Several signature classes have so far been proposed to face this challenge. Although patterns such as 1-byte invariants and distance restrictions are taken into account in previous schemes, they do not consider the set of specific values that is important for the successful execution of a worm. In this paper, we introduce a new signature type, called ERES (Extended Regular Expression Signature). By considering all of the above specifications, along with the probability of being a worm, it generates a more precise worm signature, leading to more accurate detection. In addition, to accelerate the extraction process, it combines token extraction with sequence alignment. Evaluations based on multiple datasets demonstrate that the approach is acceptable in terms of speed, accuracy, and noise tolerance.
