DocumentCode
3017447
Title
An Integrated Approach to Worm Detection and Automatic Signature Generation
Author
Yao, Li ; Liu, Yu ; Zhang, Yuqing
Author_Institution
Nat. Comput. Network Intrusion Protection Center, Grad. Univ. of Chinese Acad. of Sci., Beijing, China
Volume
2
fYear
2009
fDate
11-14 Dec. 2009
Firstpage
371
Lastpage
375
Abstract
Modern worms spread so quickly on the Internet that traditional methods which entail human labor to generate signatures might not be fast enough to contain their spreading. It's necessary to automate the processes of both worm detection and signature generation. In this paper, we firstly propose a detection algorithm with an evidence fusion model integrating four anomalous network behaviors. When malicious traffic has been found, a hierarchical cluster based signature generation algorithm is applied to analyze the content of worm flows and generate signatures automatically. The experiment shows that our approach is noise-tolerant and is able to detect worm attacks in time and generate signatures quickly and accurately.
Keywords
Internet; computer network security; invasive software; Internet; anomalous network behavior; automatic signature generation; fusion model; hierarchical cluster based signature generation algorithm; malicious traffic; worm detection; Computational intelligence; Computer worms; Data security; Fusion power generation; IP networks; Intrusion detection; Payloads; Telecommunication traffic; Traffic control; Web and internet services; cluster; evidence fusion; signature generation; worm detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence and Security, 2009. CIS '09. International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4244-5411-2
Type
conf
DOI
10.1109/CIS.2009.274
Filename
5376133