Efficient hybrid technique for detecting zero-day polymorphic worms

Authors: Ratinder Kaur, Maninder Singh

DOI: 10.1109/IADCC.2014.6779301

Keywords: False positive paradox, Computer science, Computer security, Exploit, The Internet, New infection

Abstract: This paper presents an efficient technique for detecting zero-day polymorphic worms with almost zero false positives. Zero-day polymorphic worms not only exploit unknown vulnerabilities but also change their own representation on each new infection, or encrypt their payload under a different key per infection. Thus the same worm produces many variations in its byte-level signature, making fingerprinting very difficult. With their ability to propagate rapidly, these worms increasingly threaten Internet hosts and services. If not detected and contained in time, they can potentially disable hosts and services and wreak serious havoc. Detection of zero-day polymorphic worms is therefore of paramount importance.
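The following is an added illustration of the problem stated in the abstract, not code from the paper and not the authors' hybrid technique. It models a polymorphic worm that XOR-encrypts a fixed payload under a fresh key per infection, then shows that a content signature taken from one variant matches only that variant, whereas a check on the part the engine must leave intact (here a constructed decoder stub, standing in for the decoder loop a real polymorphic engine prepends) matches every variant. The payload, the stub bytes and the key range are all constructed for the example.

```python
import os
from typing import Optional

# Constructed stand-in for the code a worm actually delivers; arbitrary bytes.
PAYLOAD = b"WORM-PROPAGATION-CODE:connect;scan;copy;exec"

# Constructed stand-in for a decoder stub. It is NOT real shellcode; it models the
# part of a polymorphic worm that must run before the payload is decrypted and
# therefore cannot itself be encrypted with the per-infection key.
DECODER_STUB = b"\xeb\x0b\x5e\x31\xc9\xb1"


def make_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Produce one 'infection': stub, one-byte key, then payload XOR-encrypted under that key.

    A fresh key (os.urandom when none is given) makes every infection's encrypted
    body differ from every other's, which is what defeats static byte signatures.
    """
    if key is None:
        key = os.urandom(1)[0] or 1  # avoid key 0, which would leave the body in clear
    body = bytes(b ^ key for b in payload)
    return DECODER_STUB + bytes([key]) + body


def decode_variant(blob: bytes) -> bytes:
    """What the victim executes: read the key from the stub and XOR the body back."""
    key = blob[len(DECODER_STUB)]
    return bytes(b ^ key for b in blob[len(DECODER_STUB) + 1:])


def signature_of(blob: bytes, length: int = 16) -> bytes:
    """Naive content signature: the first `length` bytes of one variant's encrypted body."""
    start = len(DECODER_STUB) + 1
    return blob[start:start + length]


def matches_signature(blob: bytes, sig: bytes) -> bool:
    """Plain substring match, the classic signature-IDS check."""
    return sig in blob


def matches_invariant(blob: bytes) -> bool:
    """Structural check on the invariant part: is the (constructed) decoder stub present?"""
    return DECODER_STUB in blob


def experiment(n_variants: int = 50) -> dict:
    """Generate n variants with distinct keys and compare both detection strategies.

    Fixed keys 1..n keep the result reproducible; make_variant(PAYLOAD) with no key
    would draw a random one per infection instead.
    """
    variants = [make_variant(PAYLOAD, key=k) for k in range(1, n_variants + 1)]
    sig = signature_of(variants[0])
    return {
        "variants": n_variants,
        "signature_hits": sum(matches_signature(v, sig) for v in variants),
        "invariant_hits": sum(matches_invariant(v) for v in variants),
        "all_decode_to_payload": all(decode_variant(v) == PAYLOAD for v in variants),
    }


if __name__ == "__main__":
    print(experiment())
```

The signature from the first variant catches exactly one of the fifty infections, while the stub check catches all fifty even though every encrypted body is different; a per-variant signature would need one entry per key, which is the fingerprinting problem the abstract describes. Checking an invariant decoder is only one generic approach, and a real engine can mutate the stub as well; the paper's own hybrid technique is not reproduced here.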
