Title :
Polymorphic Worm Detection Using Signatures Based on Neighborhood Relation
Author :
Wang, Jie ; Wang, Jianxin ; Sheng, Yu ; Chen, Jianer
Author_Institution :
Sch. of Inf. Sci. & Eng., Central South Univ., Changsha, China
Abstract :
In recent years, worm signatures have had difficulty detecting polymorphic worms because these worms can change their patterns dynamically. In this paper, a class of neighborhood-relation signatures (NRS) is proposed, including 1-NRS, 2-NRS and (1,2)-NRS. NRS can be used to detect polymorphic worms because these worms often preserve the same relationship between bytes while changing their patterns. Two signature generation algorithms, based on expectation-maximization (EM) and Gibbs sampling, are designed to generate NRS. We perform extensive experiments to demonstrate the effectiveness of NRS and the correctness of the signature generation process. Experimental results show that our approach to defending against polymorphic worms based on NRS is more effective than other approaches based on existing signatures.
Keywords :
digital signatures; expectation-maximisation algorithm; invasive software; sampling methods; Gibbs sampling algorithm; NRS; expectation-maximization algorithm; neighborhood-relation signature; polymorphic worm detection; signature generation algorithm; Atherosclerosis; Change detection algorithms; Cryptography; Frequency; High performance computing; Information science; Internet; Intrusion detection; Payloads; Sampling methods;
Conference_Title :
High Performance Computing and Communications, 2009. HPCC '09. 11th IEEE International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-4600-1
Electronic_ISBN :
978-0-7695-3738-2
DOI :
10.1109/HPCC.2009.59