Title :
An Automated Signature Generation Approach for Polymorphic Worm Based on Color Coding
Author :
Jie Wang ; Jianxin Wang ; Jianer Chen ; Xi Zhang
Author_Institution :
Sch. of Inf. Sci. & Eng., Central South Univ., Changsha, China
Abstract :
In order to prevent worms from propagating rapidly, it is essential to generate worm signatures quickly and accurately. However, most of recent approaches can not generate accurate signatures for polymorphic worms in environments with noise. In this paper, we present a signature generation algorithm, namely CCSF (color coding signature finding), for polymorphic worms based on color coding. CCSF divides n sequences into m groups and each group contains 20 sequences. Firstly, CCSF generates signatures for each group by adopting color coding and filters them. Then all reserved signatures are clustered to get rid of redundant substrings. In this approach, signature can be generated without any fragment in environments with noise, and it can be used in IDS (intrusion detection system) to detect polymorphic worm. We perform extensive experiments to demonstrate the effectiveness of our approach. Experiment results show distinct advantages in generating accurate signatures over other existed approaches.
Keywords :
invasive software; CCSF; automated signature generation approach; color coding signature finding; intrusion detection system; polymorphic worm; worm signatures; Atherosclerosis; Character generation; Clustering algorithms; Colored noise; Communications Society; Computer worms; Information science; Intrusion detection; Noise generators; Working environment noise;
Conference_Titel :
Communications, 2009. ICC '09. IEEE International Conference on
Conference_Location :
Dresden
Print_ISBN :
978-1-4244-3435-0
Electronic_ISBN :
1938-1883
DOI :
10.1109/ICC.2009.5198721
