Automatic signature generation for polymorphic worms by combination of token extraction and sequence alignment approaches

Authors: Razieh Eskandari, Mehdi Shajari, Asadallah Asadi

DOI: 10.1109/IKT.2015.7288733

Keywords:

Abstract: Because modern worms spread quickly, any countermeasure that depends on human reaction is barely fast enough to thwart the threat. Moreover, because polymorphic worms can generate mutated instances, they are more complex to handle than non-mutating ones. Currently, content-based signature generation for such worms is a challenge for network security, and several classes of schemes have been proposed. Although previous schemes consider patterns such as 1-byte invariants and distance restrictions, they handle neither large payloads nor large pools of worm instances, and they are prone to noise-injection attacks. We combine two approaches in a new way that avoids the limitations of both. The proposed signature generation scheme combines token extraction with multiple sequence alignment, which is widely used in bioinformatics. This approach provides speed, accuracy, and flexibility in terms of tolerance. Our evaluations demonstrate these claims.
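
The abstract only names the two ingredients, so the following is an added toy illustration of how token extraction and sequence alignment complement each other; it is not the paper's algorithm and makes no claim about its parameters. It assumes a Needleman-Wunsch global alignment folded progressively into a consensus (wildcard positions where samples differ), after which a token-extraction filter keeps only literal runs that are at least `MIN_TOKEN_LEN` bytes long and occur in every sample, which is what drops the coincidental 1-byte invariants the abstract criticises. The scoring values and the sample payloads are constructed for this example.

```python
"""Toy signature generator: progressive global alignment of worm samples
into a consensus, then token extraction to keep only invariant substrings
long enough to be meaningful. Everything here is illustrative; the
payloads are constructed and contain no real exploit content."""
from typing import List, Sequence

WILD = -1        # consensus position whose byte varies between samples
GAP = None       # alignment gap marker
MIN_TOKEN_LEN = 3  # assumed threshold: shorter invariants are treated as noise
Seq = List[int]  # byte values 0..255, or WILD in a consensus


def similarity(x: int, y: int, match: int = 2, mismatch: int = -1) -> int:
    """Column score: wildcards are neutral, equal bytes reward, unequal penalise."""
    if x == WILD or y == WILD:
        return 0
    return match if x == y else mismatch


def nw_align(a: Seq, b: Seq, gap: int = -2):
    """Needleman-Wunsch global alignment; returns two equal-length lists
    in which GAP marks an inserted gap."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            score[i][j] = max(
                score[i - 1][j - 1] + similarity(a[i - 1], b[j - 1]),
                score[i - 1][j] + gap,
                score[i][j - 1] + gap,
            )
    # Trace back from the bottom-right corner to recover one optimal alignment.
    i, j, out_a, out_b = n, m, [], []
    while i > 0 or j > 0:
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + similarity(a[i - 1], b[j - 1]):
            out_a.append(a[i - 1]); out_b.append(b[j - 1]); i -= 1; j -= 1
        elif i > 0 and score[i][j] == score[i - 1][j] + gap:
            out_a.append(a[i - 1]); out_b.append(GAP); i -= 1
        else:
            out_a.append(GAP); out_b.append(b[j - 1]); j -= 1
    return out_a[::-1], out_b[::-1]


def consensus(samples: Sequence[bytes]) -> Seq:
    """Progressive multiple alignment: fold each sample into the running consensus."""
    cons: Seq = list(samples[0])
    for s in samples[1:]:
        al_c, al_s = nw_align(cons, list(s))
        cons = [x if (x is not GAP and y is not GAP and x == y) else WILD
                for x, y in zip(al_c, al_s)]
    return cons


def literal_runs(cons: Seq) -> List[bytes]:
    """Split the consensus at wildcards into maximal literal byte runs."""
    runs, cur = [], bytearray()
    for x in cons:
        if x == WILD:
            if cur:
                runs.append(bytes(cur)); cur = bytearray()
        else:
            cur.append(x)
    if cur:
        runs.append(bytes(cur))
    return runs


def extract_tokens(runs: List[bytes], samples: Sequence[bytes], min_len: int = MIN_TOKEN_LEN) -> List[bytes]:
    """Token-extraction step: keep runs that are long enough and present in
    every sample, discarding 1-byte coincidences the alignment kept."""
    return [r for r in runs if len(r) >= min_len and all(r in s for s in samples)]


def build_signature(samples: Sequence[bytes], min_len: int = MIN_TOKEN_LEN) -> List[bytes]:
    return extract_tokens(literal_runs(consensus(samples)), samples, min_len)


def matches(signature: List[bytes], payload: bytes) -> bool:
    """Ordered-token match: each token must appear after the previous one."""
    pos = 0
    for tok in signature:
        idx = payload.find(tok, pos)
        if idx < 0:
            return False
        pos = idx + len(tok)
    return True


# Constructed "worm instances": fixed request framing with varying filler.
# The byte '1' at the same offset in every filler is a deliberate 1-byte
# coincidence that alignment alone would keep as an invariant.
T1, T2, T3 = b"GET /search?q=", b"&lang=", b"\r\n\r\n"
SAMPLES = [
    T1 + b"ab1cd" + T2 + b"en" + T3 + b"QQQQ",
    T1 + b"qq1qq" + T2 + b"fr" + T3 + b"PPPPPPPP",
    T1 + b"xy1zw" + T2 + b"de" + T3 + b"RR",
]

if __name__ == "__main__":
    print("alignment runs:", literal_runs(consensus(SAMPLES)))
    print("signature tokens:", build_signature(SAMPLES))
```

Running it shows the raw consensus runs including the lone `b"1"`, while the filtered signature keeps only the three framing tokens; a fresh mutated instance with different filler still matches, and a benign request lacking one token does not.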

References (23)
Thomas Toth, Christopher Kruegel. Accurate buffer overflow detection via abstract payload execution. Recent Advances in Intrusion Detection, pp. 274-291 (2002). doi:10.1007/3-540-36084-0_15
Oleg Kolesnikov, Wenke Lee. Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic. Georgia Institute of Technology (2005).
Yan Tang, Peter Spyns, Robert Meersman. Towards semantically grounded decision rules using ORM. Rules and Rule Markup Languages for the Semantic Web, pp. 78-91 (2007). doi:10.1007/978-3-540-75975-1_7
Jedidiah R. Crandall, S. Felix Wu, Frederic T. Chong. Experiences using Minos as a tool for capturing and analyzing novel worms for unknown vulnerabilities. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, vol. 3548, pp. 32-50 (2005). doi:10.1007/11506881_3
Nan Li, Chunhe Xia, Yi Yang, Haiquan Wang. An Algorithm for Generation of Attack Signatures Based on Sequences Alignment. Computer Science and Software Engineering, vol. 3, pp. 964-969 (2008). doi:10.1109/CSSE.2008.555
XiaoFeng Wang, Zhuowei Li, Jun Xu, Michael K. Reiter, Chongkyung Kil, Jong Youl Choi. Packet vaccine. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 37-46 (2006). doi:10.1145/1180405.1180412
Yong Tang, Bin Xiao, Xicheng Lu. Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms. Computers & Security, vol. 28, pp. 827-842 (2009). doi:10.1016/J.COSE.2009.06.003
Robin Sommer, Vern Paxson. Enhancing byte-level network intrusion detection signatures with context. Computer and Communications Security, pp. 262-271 (2003). doi:10.1145/948109.948145
Zhang Xiaosong, Chen Ting, Chen Dapeng, Liu Zhi. SISG: self-immune automated signature generation for polymorphic worms. COMPEL: The International Journal for Computation and Mathematics in Electrical and Electronic Engineering, vol. 29, pp. 445-467 (2010). doi:10.1108/03321641011014913
Ratinder Kaur, Maninder Singh. A Survey on Zero-Day Polymorphic Worm Detection Techniques. IEEE Communications Surveys and Tutorials, vol. 16, pp. 1520-1549 (2014). doi:10.1109/SURV.2014.022714.00160