Title :
A New Attempt to Detect Polymorphic Worms Based on Semantic Signature and Data-Mining
Author :
Wei Wang ; Dai-Sheng Luo
Author_Institution :
Sichuan Univ., Chengdu
Abstract :
In recent years, Internet worms increasingly threaten the Internet hosts and service and polymorphic worms can evade signature-based intrusion detection systems. In this paper, we propose new methods to detect polymorphic worms based on semantic signature and data-mining. Our main contributions of this work are as follows: (1) we propose a worm attack model - the OSJUMP model. (2) Based on the attack model, we analyze the feature of polymorphic worms and the feature of perfect ones. (3) We propose methods to detect worms by recognizing the JUMP address based on data-mining such as Bayes and ANN. We evaluate some famous worm and polymorphic ones generated from them, the results show that the false negative and performance improved a lot compared to signature-based IDSes.
Keywords :
Bayes methods; Internet; data mining; invasive software; neural nets; ANN; Bayes; Internet worms; JUMP address; OSJUMP model; data-mining; polymorphic worm detection; semantic signature; signature-based intrusion detection systems; worm attack model; Buffer overflow; Cryptography; Databases; Engines; Intrusion detection; Payloads; Performance analysis; Predictive models; Telecommunication traffic; Web and internet services;
Conference_Titel :
Communications and Networking in China, 2006. ChinaCom '06. First International Conference on
Conference_Location :
Beijing
Print_ISBN :
1-4244-0463-0
Electronic_ISBN :
1-4244-0463-0
DOI :
10.1109/CHINACOM.2006.344872
