SISG: self‐immune automated signature generation for polymorphic worms

Authors: Zhang Xiaosong, Chen Ting, Chen Dapeng, Liu Zhi

DOI: 10.1108/03321641011014913

Abstract: Purpose – The purpose of this paper is to propose a self‐immune automated signature generation (SISG) for polymorphic worms which able work well, even while being attacked by any types malicious adversary and produces global‐suited signatures other than local‐suited its distributed architecture. Through experimentations, the method thereafter evaluated. Design/methodology/approach – ideal worm exist in each copy corresponding worm, but never categories normal network traffic. SISG compares extract same components, then from components must achieve low‐false positive negative. immune most attacks filtering harmful noise made adversaries before generation. Findings – NOP sled, body descriptor are not good be because they can confused intricately engines. Protocol frames may suit to...

References (24)
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004).
Thomas Toth, Christopher Kruegel. Accurate buffer overflow detection via abstract payload execution. Recent Advances in Intrusion Detection, pp. 274-291 (2002). DOI: 10.1007/3-540-36084-0_15
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
Oleg Kolesnikov, Wenke Lee. Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic. Georgia Institute of Technology (2005).
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). DOI: 10.1016/S1389-1286(99)00112-7
P. Akritidis, E. P. Markatos, M. Polychronakis, K. Anagnostakis. STRIDE: Polymorphic Sled Detection Through Instruction Sequence Analysis. Information Security Conference, pp. 375-391 (2005). DOI: 10.1007/0-387-25660-1_25
James Newsome, Brad Karp, Dawn Song. Paragraph: Thwarting Signature Learning by Training Maliciously. Lecture Notes in Computer Science, pp. 81-105 (2006). DOI: 10.1007/11856214_5
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh. Automated worm fingerprinting. Operating Systems Design and Implementation, pp. 4-4 (2004).
J. Pincus, B. Baker. Beyond stack smashing: recent advances in exploiting buffer overruns. IEEE Symposium on Security and Privacy, vol. 2, pp. 20-27 (2004). DOI: 10.1109/MSP.2004.36
R. Perdisci, D. Dagon, Wenke Lee, P. Fogla, M. Sharif. Misleading worm signature generators using deliberate noise injection. IEEE Symposium on Security and Privacy, pp. 17-31 (2006). DOI: 10.1109/SP.2006.26