DocumentCode :
2311774
Title :
Detection of Zero-Day Polymorphic Worms Using Principal Component Analysis
Author :
Mohammed, Mohssen M Z E ; Chan, H. Anthony ; Ventura, Neco ; Hashim, Mohsim ; Amin, Izzeldin ; Bashier, Eihab
Author_Institution :
Electr. Eng. Department, Cape Town Univ., Cape Town, South Africa
fYear :
2010
fDate :
7-13 March 2010
Firstpage :
277
Lastpage :
281
Abstract :
Polymorphic worms pose a big challenge to Internet security. The difficulty in detecting such a polymorphic worm is that it has more than one instance, and very large efforts are needed to capture all these instances and to generate signatures. This paper proposes an automatic system for signature generation for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Principal Component Analysis (PCA) to determine the most significant substrings that are shared between polymorphic worm instances and use them as signatures. The system is able to generate signatures that match most polymorphic worm instances with low false positives and low false negatives.
Keywords :
Internet; computer network security; invasive software; principal component analysis; Internet security; PCA; Zero-day polymorphic worms; principal component analysis; Anatomy; Cities and towns; Communication system traffic control; Computer networks; Computer worms; IP networks; Internet; Intrusion detection; Principal component analysis; Telecommunication traffic; Honeynet; Internet security; Polymorphic worms;
fLanguage :
English
Publisher :
ieee
Conference_Title :
Networking and Services (ICNS), 2010 Sixth International Conference on
Conference_Location :
Cancun
Print_ISBN :
978-1-4244-5927-8
Type :
conf
DOI :
10.1109/ICNS.2010.45
Filename :
5460635
Link To Document :