Title :
Analyzing Maximum Length of Instruction Sequence in Network Packets for Polymorphic Worm Detection
Author :
Tatara, Kohei ; Hori, Yoshiaki ; Sakurai, Kouichi
Author_Institution :
Grad. Sch. of Inf. Sci. & Electr. Eng., Kyushu Univ., Fukuoka
Abstract :
The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already-known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.´s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. The importance of the method for finding out the worms that are made through the modification of parts of their original worms increases. It is difficult to detect these worms by comparing with the simple definition that past anti-virus software adapts. Moreover, if it is not an already- known worm, it is not possible to detect it. In this paper, we pay attention to the Toth et al.´s method to extract the executable code included in the dataflows on the network and detect the attack by measuring the length of them. Then, we describe the problem of their method and how to solve it.Then, we describe the problem of their method and how to solve it.
Keywords :
computer networks; invasive software; telecommunication security; anti-virus software adapts; instruction sequence; network packets; polymorphic worm detection; Buffer overflow; Cryptography; Data mining; Electrostatic precipitators; Engines; Information analysis; Information science; Length measurement; Passive optical networks; Proposals; Abstract Payload Execution; Polymorphic Worm Detection;
Conference_Titel :
Multimedia and Ubiquitous Engineering, 2008. MUE 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3134-2
DOI :
10.1109/MUE.2008.119