Authors: Salvatore J. Stolfo, Gabriela Cretu, Ke Wang
DOI:
Keywords:
Abstract: New features of the PAYL anomalous payload detection sensor are demonstrated to accurately detect and generate signatures for zero-day worms. Experimental evidence demonstrates that site-specific packet content models are capable of detecting new worms with high accuracy in a collaborative security system. A new approach is proposed that correlates ingress/egress payload alerts to identify a worm's initial propagation. The method also enables automatic signature generation; the resulting signatures can be deployed immediately to network firewalls and content filters to proactively protect other hosts. We also propose a privacy-preserving strategy whereby different hosts exchange signatures to increase accuracy and mitigate against false positives. The important principle demonstrated is that correlating multiple alerts identifies the true positives within the set of anomaly alerts and reduces incorrect decisions, producing accurate mitigation.
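The ingress/egress correlation and signature-generation step described in the abstract, as an added illustration written for this page (it is not PAYL's implementation). It assumes a simplified per-port anomaly model (L1 distance between byte-frequency histograms with a fixed threshold of 1.0), longest-common-substring matching as the correlation metric, a minimum signature length of 32 bytes, and constructed sample traffic whose "exploit" bytes are a placeholder filler run, not a real exploit; the sensor's actual models, thresholds and correlation metrics are those given in the paper. The point it shows is the abstract's principle: an inbound anomaly alone (the `NOISE` packet) is not confirmed, while an inbound anomaly whose content reappears in an outbound anomaly on the same port yields a signature that is then vetted against known-good traffic before deployment.

```python
"""Toy ingress/egress alert correlation with automatic signature generation.

Added illustration of the abstract's idea; this is not PAYL's code. It assumes
a simplified per-port anomaly model (L1 distance between byte-frequency
histograms) and longest-common-substring correlation; the sensor's actual
models, thresholds and correlation metrics are those described in the paper.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "ingress" (inbound to this host) or "egress" (outbound)
    port: int
    payload: bytes


# Constructed sample data (not captured traffic).
NORMAL_HTTP = [
    b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /images/logo.png HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
]
# Placeholder "exploit" bytes: a long filler run plus a few non-printable bytes.
# A stand-in for demonstration only, not a real exploit payload.
EXPLOIT = b"GET /vuln.cgi?q=" + b"A" * 200 + b"\x90\x90\x90\x90\xeb\x10\r\nHost: "
NOISE = b"\x00\xff" * 60   # anomalous, but not a worm: nothing matching leaves the host

ANOMALY_THRESHOLD = 1.0    # assumed; in practice calibrated from training data
MIN_SIGNATURE_LEN = 32     # assumed; ignores short coincidental overlaps


def byte_histogram(data: bytes) -> list[float]:
    counts = Counter(data)
    n = len(data) or 1
    return [counts.get(b, 0) / n for b in range(256)]


def train_model(samples: list[bytes]) -> list[float]:
    """Mean byte-frequency distribution of normal payloads on one port."""
    hists = [byte_histogram(s) for s in samples]
    return [sum(h[i] for h in hists) / len(hists) for i in range(256)]


def distance(model: list[float], payload: bytes) -> float:
    """L1 distance between a payload's histogram and the port model."""
    h = byte_histogram(payload)
    return sum(abs(h[i] - model[i]) for i in range(256))


def flag_anomalies(model, packets, threshold=ANOMALY_THRESHOLD):
    """Every packet whose content is far from the site's normal model is an alert."""
    return [p for p in packets if distance(model, p.payload) > threshold]


def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Classic O(len(a)*len(b)) dynamic-programming LCS over raw bytes."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def correlate(alerts, min_len=MIN_SIGNATURE_LEN):
    """Pair each egress anomaly with an ingress anomaly on the same port that
    shares a long common substring; that substring is the candidate signature.
    An anomaly with no partner stays an unconfirmed alert."""
    ingress = [a for a in alerts if a.direction == "ingress"]
    signatures = []
    for e in (a for a in alerts if a.direction == "egress"):
        for i in ingress:
            if i.port != e.port:
                continue
            common = longest_common_substring(i.payload, e.payload)
            if len(common) >= min_len:
                signatures.append((e.port, common))
    return signatures


def vet_signature(sig: bytes, normal_samples) -> bool:
    """Reject a candidate that also matches known-good traffic (false-positive guard)."""
    return not any(sig in s for s in normal_samples)


def run_demo():
    model = train_model(NORMAL_HTTP)
    traffic = [
        Packet("ingress", 80, NORMAL_HTTP[0]),              # benign request
        Packet("ingress", 80, NOISE),                       # anomalous, never propagates
        Packet("ingress", 80, EXPLOIT + b"alpha\r\n\r\n"),  # worm hits this host
        Packet("egress", 80, EXPLOIT + b"bravo\r\n\r\n"),   # this host attacks the next
    ]
    alerts = flag_anomalies(model, traffic)
    sigs = [(port, s) for port, s in correlate(alerts) if vet_signature(s, NORMAL_HTTP)]
    return {"alerts": len(alerts), "signatures": sigs}


if __name__ == "__main__":
    result = run_demo()
    print(result["alerts"], "anomalies,", len(result["signatures"]), "confirmed signature(s)")
    for port, sig in result["signatures"]:
        print(f"port {port}: {sig[:40]!r}... ({len(sig)} bytes)")
```

Running it flags three anomalies (the noise packet and both worm instances) but emits one signature, the 230-byte content common to the inbound and outbound worm packets. The noise packet is anomalous yet has no egress partner, so it never becomes a signature, which is the false-positive reduction the abstract attributes to correlating multiple alerts.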