Polymorphic worm detection using token-pair signatures

Authors: Burak Bayoglu, Ibrahim Sogukpinar

DOI: 10.1145/1387329.1387331

Keywords: Code (cryptography); Schema (genetic algorithms); Artificial intelligence; Pattern recognition; Application software; Security token; Subsequence; False positive paradox; Computer science; Computer security; Polymorphic code; Signature (logic)

Abstract: A worm is a self-replicating computer program which needs neither to attach itself to an existing program nor user intervention, unlike viruses. Worms exploit operating system and application software vulnerabilities to infect the systems. Polymorphic code is the art of developing code that mutates at each copy while keeping the original algorithm unchanged. By this way, a polymorphic worm changes its pattern each time it sends a copy to another system. Thereby this avoids detection by simple signature matching techniques. On the other hand, there is still some part of the polymorphic worm code that remains unchanged. In this work, we propose Token-Pair Conjunction and Token-Pair Subsequence signatures for detecting polymorphic worm threats. Experiments for the proposed model were performed using two real polymorphic worms. Experiment results show that the proposed signature schema have low false negatives and false positives.

References (16)
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004).
Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, Giovanni Vigna. Polymorphic Worm Detection Using Structural Information of Executables. Lecture Notes in Computer Science, pp. 207-226 (2006). DOI: 10.1007/11663812_11
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh. Automated worm fingerprinting. Operating Systems Design and Implementation, pp. 4-4 (2004).
C. Lawrence, S. Altschul, M. Boguski, J. Liu, A. Neuwald, J. Wootton. Detecting Subtle Sequence Signals: A Gibbs Sampling Strategy for Multiple Alignment. Science, vol. 262, pp. 208-214 (1993). DOI: 10.1126/SCIENCE.8211139
R. Perdisci, D. Dagon, Wenke Lee, P. Fogla, M. Sharif. Misleading worm signature generators using deliberate noise injection. IEEE Symposium on Security and Privacy, pp. 17-31 (2006). DOI: 10.1109/SP.2006.26
Christian Kreibich, Jon Crowcroft. Honeycomb: creating intrusion detection signatures using honeypots. ACM Special Interest Group on Data Communication, vol. 34, pp. 51-56 (2004). DOI: 10.1145/972374.972384
Giovanni Manzini, Paolo Ferragina. Engineering a Lightweight Suffix Array Construction Algorithm. Algorithmica, vol. 40, pp. 33-50 (2004). DOI: 10.1007/S00453-004-1094-1
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha. An architecture for generating semantics-aware signatures. USENIX Security Symposium, pp. 7-7 (2005). DOI: 10.21236/ADA449063
M. Christodorescu, S. Jha, S.A. Seshia, D. Song, R.E. Bryant. Semantics-aware malware detection. IEEE Symposium on Security and Privacy, pp. 32-46 (2005). DOI: 10.1109/SP.2005.20