Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience

Authors: Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao, B. Chavez

DOI: 10.1109/SP.2006.18

Abstract: Zero-day polymorphic worms pose a serious threat to the security of Internet infrastructures. Given their rapid propagation, it is crucial to detect them at edge networks and automatically generate signatures in the early stages of infection. Most existing approaches for automatic signature generation need host information and are thus not applicable for deployment on high-speed network links. In this paper, we propose Hamsa, a network-based automated system which is fast, noise-tolerant and attack-resilient. Essentially, a realistic model to analyze invariant content allows us to make analytical attack-resilience guarantees for the algorithm. Evaluation based on a range of engines demonstrates that Hamsa significantly outperforms Polygraph (J. Newsome et al., 2005) in terms of efficiency, accuracy, and attack resilience.

References (25)
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004).
Jens Stoye, Klaus-Bernd Schürmann. An Incomplex Algorithm for Fast Suffix Array Construction. Proc. of ALENEX/ANALCO 2005, pp. 78-85 (2005).
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). DOI: 10.1016/S1389-1286(99)00112-7
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. USENIX Security Symposium, pp. 8-8 (2003).
Ke Wang, Gabriela Cretu, Salvatore J. Stolfo. Anomalous Payload-Based Worm Detection and Signature Generation. Lecture Notes in Computer Science, pp. 227-246 (2006). DOI: 10.1007/11663812_12
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh. Automated worm fingerprinting. Operating Systems Design and Implementation, pp. 4-4 (2004).
R. Perdisci, D. Dagon, Wenke Lee, P. Fogla, M. Sharif. Misleading worm signature generators using deliberate noise injection. IEEE Symposium on Security and Privacy, pp. 17-31 (2006). DOI: 10.1109/SP.2006.26
Christian Kreibich, Jon Crowcroft. Honeycomb: creating intrusion detection signatures using honeypots. ACM Special Interest Group on Data Communication, vol. 34, pp. 51-56 (2004). DOI: 10.1145/972374.972384