TY - GEN
T1 - An automatic, prompt, and accurate exploit-based method to generate polymorphic worm's signature
AU - Ramadass, Sureswaran
AU - Abdulla, Shubair A.
AU - Altyeb, Altyeb Altaher
PY - 2011
Y1 - 2011
N2 - Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload variation is performed by a built-in self-content encryptor. However, all encrypted payloads share the same invariant exploit code, to ensure that the same vulnerability is exploited in the same manner on all victims. This research paper is an endeavor to turn that invariant part into a signature. The basic idea of the proposed method is to assemble attacking payloads on a honeypot and then extract the worm's signature by using a matching technique. The experiments were conducted on two datasets, Witty worm payloads and synthetic payloads, and have demonstrated promising results.
AB - Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload variation is performed by a built-in self-content encryptor. However, all encrypted payloads share the same invariant exploit code, to ensure that the same vulnerability is exploited in the same manner on all victims. This research paper is an endeavor to turn that invariant part into a signature. The basic idea of the proposed method is to assemble attacking payloads on a honeypot and then extract the worm's signature by using a matching technique. The experiments were conducted on two datasets, Witty worm payloads and synthetic payloads, and have demonstrated promising results.
KW - exploit code
KW - intrusion detection systems
KW - synthetic worms
KW - worm signature
UR - http://www.scopus.com/inward/record.url?scp=84858238241&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84858238241&partnerID=8YFLogxK
U2 - 10.1109/ICBNMT.2011.6155891
DO - 10.1109/ICBNMT.2011.6155891
M3 - Conference contribution
AN - SCOPUS:84858238241
SN - 9781612841564
T3 - Proceedings - 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011
SP - 37
EP - 41
BT - Proceedings - 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011
T2 - 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology, IC-BNMT 2011
Y2 - 28 October 2011 through 30 October 2011
ER -