PolyS: Network-based Signature Generation for Zero-day Polymorphic Worms
Similar resources
PolyS: Network-based Signature Generation for Zero-day Polymorphic Worms
With the growing sophistication of computer worms, it is very important to detect and prevent the worms quickly and accurately at their early phase of infection. Traditional signature-based IDS, though effective for known attacks, failed to handle the zero-day attack promptly. Recent works on polymorphic worms do not guarantee an accurate signature in the presence of noise in suspicious flow samples....
Honeypot-based Signature Generation for Polymorphic Worms
With the growing sophistication of computer worms, information security has become a prime concern for individuals, community and organizations. Traditional signature-based IDS, though effective for known attacks, failed to handle the unknown attack promptly. This paper describes a novel honeypot system which isolates the suspicious traffic from normal traffic, and captures most useful inform...
Detecting Zero-day Polymorphic Worms with Jaccard Similarity Algorithm
Zero-day polymorphic worms pose a serious threat to the security of mobile systems and Internet infrastructure. In many cases, it is difficult to detect worm attacks at an early stage. There is typically little or no time to develop a well-constructed solution during such a worm outbreak. This is because the worms act only to spread from node to node and they bring security concerns to everyone...
An Automated Signature Generation Approach for Polymorphic Worms Using Factor Analysis
Internet worms pose a major threat to Internet infrastructure security, and their destruction will be truly costly. Therefore, the networks must be protected as much as possible against such attacks. In this paper we propose an automatic and accurate system for signature generation for unknown polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms tha...
Journal
Journal title: International Journal of Grid and Distributed Computing
Year: 2013
ISSN: 2005-4262,2005-4262
DOI: 10.14257/ijgdc.2013.6.4.06