Title :
Fast and Effective Worm Fingerprinting via Machine Learning
Author :
Yang, Stewart ; Song, Jianping ; Rajamani, Harish ; Cho, Taewon ; Zhang, Yin ; Mooney, Raymond
Author_Institution :
Department of Computer Sciences, University of Texas at Austin, Austin, TX 78712, USA. windtown@cs.utexas.edu
Abstract :
As Internet worms become ever faster and more sophisticated, it is important to be able to extract worm signatures in an accurate and timely manner. In this paper, we apply machine learning to automatically fingerprint polymorphic worms, which are able to change their appearance across every instance. Using real Internet traces and synthetic polymorphic worms, we evaluated the performance of several advanced machine learning algorithms, including naive Bayes, decision-tree induction, rule learning (RIPPER) and support vector machines. The results are very promising. Compared with Polygraph, the state of the art in polymorphic worm fingerprinting, several machine learning algorithms are able to generate more accurate signatures, tolerate more noise in the training data and require much shorter training time. These results open the possibility of applying machine learning to build a fast and accurate online worm fingerprinting system.
Keywords :
Computer worms; Fingerprint recognition; Internet; Intrusion detection; Machine learning; Machine learning algorithms; Support vector machines; Telecommunication traffic; Testing; Training data;
Conference_Titel :
Autonomic Computing, 2006. ICAC '06. IEEE International Conference on
Print_ISBN :
1-4244-0175-5
DOI :
10.1109/ICAC.2006.1662421
