Graph based signature classes for detecting polymorphic worms via content analysis

Authors: Burak Bayoğlu, İbrahim Soğukpınar

DOI: 10.1016/J.COMNET.2011.11.007

Abstract: Malicious software such as trojans, viruses, or worms can cause serious damage for information systems by exploiting operating system and application software vulnerabilities. Worms constitute a significant proportion of overall malicious software and infect a large number of systems in very short periods. Polymorphic worms combine polymorphism techniques with the self-replicating and fast-spreading characteristics of worms. Each copy of a polymorphic worm has a different pattern, so it is not effective to use simple signature matching techniques. In this work, we propose a graph based classification framework of content based polymorphic worm signatures. This framework aims to guide researchers to propose new polymorphic worm signature schemes. We also propose a new polymorphic worm signature scheme, Conjunction of Combinational Motifs (CCM), based on the defined framework. CCM utilizes common substrings of polymorphic worm copies and also the relation between those substrings through dependency analysis. CCM is resilient to new versions of a polymorphic worm. CCM also automatically generates signatures for new versions of a polymorphic worm, triggered by partial signature matches. Experimental results support that CCM has good flow evaluation time performance with low false positives and low false negatives.
