Automated signature generation for polymorphic worms using substrings extraction and principal component analysis

Internet Security system has been largely threatened due to increase in Internet Worms at an alarming rate. Intrusion Detection System signature has been manually generated by security experts during their study on the network status after the release of a new worm. But it can take place after a significant loss of assets. In this research work, we are proposing an automatic method which will generate signature for detection of polymorphic worms. We will be applying Principal Component Analysis (PCA) for determining the important substrings that appears mostly and are pooled amongst the instances of polymorphic worms for using them as signatures. The results generated show the successful detection of polymorphic worms using zero false positives and low false negatives by the PCA.