An Automated Signature Generation Approach for Polymorphic Worm Based on Color Coding

In order to prevent worms from propagating rapidly, it is essential to generate worm signatures quickly and accurately. However, most of recent approaches can not generate accurate signatures for polymorphic worms in environments with noise. In this paper, we present a signature generation algorithm, namely CCSF (color coding signature finding), for polymorphic worms based on color coding. CCSF divides n sequences into m groups and each group contains 20 sequences. Firstly, CCSF generates signatures for each group by adopting color coding and filters them. Then all reserved signatures are clustered to get rid of redundant substrings. In this approach, signature can be generated without any fragment in environments with noise, and it can be used in IDS (intrusion detection system) to detect polymorphic worm. We perform extensive experiments to demonstrate the effectiveness of our approach. Experiment results show distinct advantages in generating accurate signatures over other existed approaches.