An automatic, prompt, and accurate exploit-based method to generate polymorphic worm's signature
| Autor: | Altyeb Altaher Altyeb, Sureswaran Ramadass, Shubair Abdulla |
|---|---|
| Rok vydání: | 2011 |
| Předmět: |
Honeypot
Exploit Network security business.industry Payload Computer science Distributed computing ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS Real-time computing Cryptography Data_CODINGANDINFORMATIONTHEORY Intrusion detection system Encryption ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS Pattern matching business |
| Zdroj: | 2011 4th IEEE International Conference on Broadband Network and Multimedia Technology. |
| DOI: | 10.1109/icbnmt.2011.6155891 |
| Popis: | Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload's variation operation is performed by using built-in self content encryptor. However, all encrypted payloads share the same invariant exploit code to ensure exploiting same vulnerability in same manner on all victims. This research paper is an endeavor to interpret the invariant part into signature. The basic idea of the proposed method is to assemble attacking payloads on a honeypot, and then extracting the worm's signature by using a matching technique. The experiments were conducted on two datasets, Witty worm's payloads and synthetic payloads, and have demonstrated promising results. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|