Polymorphic Worm Detection Using Structural Information of Executables

Authors: Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, Giovanni Vigna

DOI: 10.1007/11663812_11

Keywords:

Abstract: Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts. Because of the speed at which worms spread to large computer populations, countermeasures based on human reaction time are not feasible. Therefore, recent research has focused on devising new techniques to detect and contain network worms without the need for human supervision. In particular, a number of approaches have been proposed to automatically derive signatures to detect network worms by analyzing worm-related network streams. Most of these techniques, however, assume that the worm code does not change during the infection process. Unfortunately, worms can be polymorphic. That is, they can mutate as they spread across the network. To detect these types of worms, it is necessary to devise new techniques that are able to identify similarities between different mutations of a worm. This paper presents a novel technique based on the structural analysis of binary code that allows one to identify structural similarities between different worm mutations. The approach is based on the analysis of a worm's control flow graph and introduces an original graph coloring technique that supports a more precise characterization of the worm's structure. The technique has been used as a basis to implement a worm detection system that is resilient to many of the mechanisms used to evade approaches based on instruction sequences only.
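As an added illustration of the idea in the abstract (not the paper's implementation, which the abstract does not detail): each basic block of a control flow graph is colored by the instruction classes it contains, the graph is fingerprinted by its colored k-node walks, and fingerprints are compared by overlap, so that register renaming and same-class instruction substitution leave the fingerprint unchanged. The instruction-class table, the use of walks instead of general k-subgraphs, and the sample worm and benign CFGs are constructed assumptions.

```python
import hashlib

# Instruction classes used as node colors (constructed illustration, not the
# paper's own class set).
CLASSES = {
    "mov": "data", "lea": "data", "xchg": "data",
    "add": "arith", "sub": "arith", "xor": "arith", "inc": "arith", "dec": "arith",
    "push": "stack", "pop": "stack",
    "call": "call", "jmp": "jmp", "jz": "jcc", "jnz": "jcc", "ret": "ret",
}

def color(block):
    """Color of a basic block: the set of instruction classes it contains.
    Renaming registers or swapping e.g. xor for sub does not change it."""
    return tuple(sorted({CLASSES.get(ins.split()[0], "other") for ins in block}))

def walks(cfg, node, k):
    """All walks of exactly k nodes starting at node (loop edges allowed)."""
    if k == 1:
        return [(node,)]
    return [(node,) + rest for s in cfg.get(node, ()) for rest in walks(cfg, s, k - 1)]

def fingerprint(cfg, blocks, k=3):
    """Set of hashes of all colored k-node walks through the CFG."""
    fp = set()
    for start in cfg:
        for w in walks(cfg, start, k):
            colored = "|".join(",".join(color(blocks[n])) for n in w)
            fp.add(hashlib.sha256(colored.encode()).hexdigest()[:16])
    return fp

def similarity(fp_a, fp_b):
    """Jaccard overlap of two fingerprints, 0.0 (disjoint) to 1.0 (identical)."""
    return len(fp_a & fp_b) / len(fp_a | fp_b)

# Constructed worm variant A: decoder loop (B1) followed by a call to the payload.
WORM_A_CFG = {"B0": ["B1"], "B1": ["B1", "B2"], "B2": ["B3"], "B3": []}
WORM_A_BLOCKS = {"B0": ["xor ecx, ecx", "mov esi, 0x401000"],
                 "B1": ["xor [esi], 0x5a", "inc esi", "dec ecx", "jnz B1"],
                 "B2": ["push esi", "call payload"], "B3": ["ret"]}
# Constructed variant B: same structure, registers renamed, same-class substitutions.
WORM_B_CFG = {"C0": ["C1"], "C1": ["C1", "C2"], "C2": ["C3"], "C3": []}
WORM_B_BLOCKS = {"C0": ["sub edx, edx", "lea edi, [0x402000]"],
                 "C1": ["add [edi], 0x13", "inc edi", "inc edx", "jnz C1"],
                 "C2": ["push edi", "call stage2"], "C3": ["ret"]}
# Constructed benign function: straight-line code, no decoder loop.
BENIGN_CFG = {"M0": ["M1"], "M1": ["M2"], "M2": []}
BENIGN_BLOCKS = {"M0": ["push ebp", "mov ebp, esp"],
                 "M1": ["mov eax, [ebp+8]", "add eax, 1"], "M2": ["pop ebp", "ret"]}
```

Byte-level signatures would not match variant A against variant B, while the colored-walk fingerprints of the two are identical and share nothing with the benign function.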
