Survey of Polymorphic Worm Signatures
Abstract
Worms are self-replicating, fast-moving malicious code capable of spreading without human interaction. They are a weapon of choice for those who want to launch destructive attacks on a network or on the Internet as a whole. Recently, more sophisticated worms have emerged, such as polymorphic worms, which vary their payload in every infection attempt. A polymorphic worm has more than one mutated instance. It is very important to detect and prevent such worms quickly and accurately in the early phase of infection. Several worm detection and containment methods are available. This paper surveys recent automated signature-based detection of polymorphic worms and presents a classification of the various signature approaches. There are two main categories of worm signatures: exploit-specific and vulnerability-driven. Signatures in both categories are either network-based or host-based. Each signature generation scheme is described and discussed in its appropriate category. We analyze and compare the different signature schemes. The paper concludes with challenges and the scope of future research directions.
Similar resources
Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms
Polymorphic worms are self-replicating malware that change their representation as they spread throughout networks in order to evade worm detection systems. A number of approaches to detect polymorphic worms have been proposed. These approaches use samples of a polymorphic worm (and of benign traffic as well) to derive a signature that can detect all instances of the worm without producing exces...
Early Worm Detection for Minimizing Damage in E-Service Networks
Network attacks such as computer viruses and worms that scan computers randomly have caused billions of dollars in damage to enterprises across the Internet [Erbschloe M., 2005]. There are different worm detection techniques. [Guofei, G., 2004] classified them according to the worm characteristic used by the detection technique. One approach is using worm signatures, it depends on the identical or si...
Detecting Zero-day Polymorphic Worms with Jaccard Similarity Algorithm
Zero-day polymorphic worms pose a serious threat to the security of Mobile systems and Internet infrastructure. In many cases, it is difficult to detect worm attacks at an early stage. There is typically little or no time to develop a well-constructed solution during such a worm outbreak. This is because the worms act only to spread from node to node and they bring security concerns to everyone...
Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms
In this paper, we propose Simplified Regular Expression (SRE) signature, which uses multiple sequence alignment techniques, drawn from bioinformatics, in a novel approach to generating more accurate exploit-based signatures. We also provide formal definitions of what is "a more specific" and what is "the most specific" signature for a polymorphic worm and show that the most specific exploit...
An Automated Signature Generation Approach for Polymorphic Worms Using Factor Analysis
Internet worms pose a major threat to Internet infrastructure security, and their destruction will be truly costly. Therefore, the networks must be protected as much as possible against such attacks. In this paper we propose an automatic and accurate system for signature generation for unknown polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms tha...