Title :
An automatic, prompt, and accurate exploit-based method to generate polymorphic worm's signature
Author :
Ramadass, Sureswaran ; Abdulla, Shubair A. ; Altyeb, Altyeb Altaher
Author_Institution :
NAV6 Center of Excellence, Univ. Sains Malaysia USM, Minden, Malaysia
Abstract :
Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload's variation operation is performed by using a built-in self content encryptor. However, all encrypted payloads share the same invariant exploit code to ensure exploiting the same vulnerability in the same manner on all victims. This research paper is an endeavor to interpret the invariant part into a signature. The basic idea of the proposed method is to assemble attacking payloads on a honeypot, and then extract the worm's signature by using a matching technique. The experiments were conducted on two datasets, Witty worm's payloads and synthetic payloads, and have demonstrated promising results.
Keywords :
computer network security; cryptography; invasive software; pattern matching; Witty worms payload; built-in self content encryptor; encrypted payload; exploit-based method; honeypot; invariant exploit code; matching technique; network security system; payload variation operation; polymorphic worm signature generation; synthetic payload; vulnerability exploitation; Algorithms; Computers; Cryptography; Grippers; Payloads; Software; exploit code; intrusion detection systems; synthetic worms; worm signature;
Conference_Title :
Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on
Conference_Location :
Shenzhen
Print_ISBN :
978-1-61284-158-8
DOI :
10.1109/ICBNMT.2011.6155891