Title :
ASG Automated Signature Generation for Worm-Like P2P Traffic Patterns
Author :
Xiao, Fengtao ; Hu, Huaping ; Chen, Xin ; Liu, Bo
Author_Institution :
Sch. of Comput. Sci., Nat. Univ. of Defence Technol., Changsha
Abstract :
Many P2P software have the similar communication patterns with computer worms, thus they will bring in false positives for behaviour based worm detection. Up to now, little work is done on the research of the similarities between communication patterns of worm and P2P software as well as how to eliminate the worm-like P2P traffic. Based on the analysis of popular P2P software used nowadays and the host process information, this paper presents ASG, which is a novel host based algorithm to generate signatures for worm-like P2P communication patterns. The contribution of our work lies in three aspects: a) Analyzing communication pattern similarities between P2P traffic and worm traffic through examples. b) Designing one practical and simple signature format for worm-like P2P traffic based on the host process information, c) Presenting automated signature generation (ASG) method to extract the signature of worm-like P2P traffic. Experiments with the popular used P2P software show that ASG can effectively extract the signature and reduce the false positives.
Keywords :
invasive software; peer-to-peer computing; telecommunication traffic; ASG; P2P software; automated signature generation; worm traffic; worm-like P2P traffic patterns; Computer architecture; Computer science; Computer security; Computer worms; Data mining; Information analysis; Information management; Information security; Pattern analysis; Telecommunication traffic;
Conference_Titel :
Web-Age Information Management, 2008. WAIM '08. The Ninth International Conference on
Conference_Location :
Zhangjiajie Hunan
Print_ISBN :
978-0-7695-3185-4
Electronic_ISBN :
978-0-7695-3185-4
DOI :
10.1109/WAIM.2008.95
