Catch me, if you can: evading network signatures with web-based polymorphic worms
作者: Matthew Van Gundy , Giovanni Vigna , Davide Balzarotti
DOI:
关键词:
摘要: Polymorphic worms are self-replicating malware that change their representation as they spread throughout networks in order to evade worm detection systems. A number of approaches detect polymorphic have been proposed. These use samples a (and benign traffic well) derive signature can all instances the without producing excessive false positives. Even though these systems claim be able generate signatures for any type worm, examples used show ability based on exploits target memory corruption vulnerabilities. In this paper, we how different class worms, namely those web vulnerabilities and scripting languages, much harder than "traditional" worms. We developed engine PHP code tested state-of-the-art tools worm. The results our experiments PHP-based would successfully existing generation
ucsb.edu
singlethink.net 参考文章(8)
Vern Paxson, Stuart Staniford, Nicholas Weaver, How to Own the Internet in Your Spare Time usenix security symposium. pp. 149- 167 ,(2002)
James Newsome, Brad Karp, Dawn Song, Paragraph: Thwarting Signature Learning by Training Maliciously Lecture Notes in Computer Science. pp. 81- 105 ,(2006) , 10.1007/11856214_5
Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, Giovanni Vigna, Polymorphic Worm Detection Using Structural Information of Executables Lecture Notes in Computer Science. pp. 207- 226 ,(2006) , 10.1007/11663812_11
Vern Paxson, Stuart Staniford, Nicholas Weaver, Very fast containment of scanning worms usenix security symposium. pp. 3- 3 ,(2004)
Nicholas Weaver, Vern Paxson, Stuart Staniford, Robert Cunningham, A taxonomy of computer worms workshop on rapid malcode. pp. 11- 18 ,(2003) , 10.1145/948187.948190
R. Perdisci, D. Dagon, Wenke Lee, P. Fogla, M. Sharif, Misleading worm signature generators using deliberate noise injection ieee symposium on security and privacy. pp. 17- 31 ,(2006) , 10.1109/SP.2006.26
J. Newsome, B. Karp, D. Song, Polygraph: automatically generating signatures for polymorphic worms ieee symposium on security and privacy. pp. 226- 241 ,(2005) , 10.1109/SP.2005.15
Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao, B. Chavez, Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience ieee symposium on security and privacy. pp. 32- 47 ,(2006) , 10.1109/SP.2006.18