Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms

Authors: Yong Tang, Bin Xiao, Xicheng Lu

DOI: 10.1016/J.COSE.2009.06.003

Keywords:

Abstract: In this paper, we propose Simplified Regular Expression (SRE) signature, which uses multiple sequence alignment techniques, drawn from bioinformatics, in a novel approach to generating more accurate exploit-based signatures. We also provide formal definitions of what is "a specific" and "the most signature for polymorphic worm show that the specific generation NP-hard. The involves three steps: reward consecutive substring extractions, noise elimination remove effects, transformation make SRE compatible with current IDSs. Experiments on range worms real-world shellcodes our bioinformatics noise-tolerant as because it extracts characters, like one-byte invariants distance restrictions between invariant bytes, signatures generates are precise than those generated by some other schemes.
