DocumentCode :
2320796
Title :
Accurate signature generation for polymorphic worms using principal component analysis
Author :
Mohammed, Mohssen M Z E ; Chan, H. Anthony ; Ventura, Neco ; Hashim, Mohsin ; Amin, Izzeldin ; Bashier, Eihab
Author_Institution :
Dept. of Electr. Eng., Univ. of Cape Town, Rondebosch, South Africa
fYear :
2010
fDate :
6-10 Dec. 2010
Firstpage :
1555
Lastpage :
1560
Abstract :
Internet worms pose a major threat to Internet infrastructure security, and their destruction causes loss of millions of dollars. Therefore, the networks must be pro-tected as much as possible to avoid losses. In this paper we propose accurate system for signature generation for Zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Princi-pal Component Analysis (PCA) to determine the most significant substrings that are shared between po-lymorphic worm instances. The experimental results show that the PCA has successfully detected polymorphic worms with zero false positives and zero false negatives.
Keywords :
Internet; computer network security; digital signatures; invasive software; principal component analysis; Internet infrastructure security; Internet worm; double honeynet system; principal component analysis; signature generation; zero day polymorphic worm; zero false negatives; zero false positives; honey-net; worms;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
GLOBECOM Workshops (GC Wkshps), 2010 IEEE
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-8863-6
Type :
conf
DOI :
10.1109/GLOCOMW.2010.5700200
Filename :
5700200
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2320796
بازگشت