Automated polymorphic worm signature generation approach based on seed-extending

Cited by: 0
Authors
Wang, Jie [1]
He, Xiao-Xian [1]
Affiliation
[1] School of Information Science and Engineering, Central South University, Changsha
Source
Tongxin Xuebao/Journal on Communications | 2014 / Vol. 35 / No. 09
Funding
National Natural Science Foundation of China;
Keywords
Information security; Polymorphic worm; Seed-extending algorithm; Worm detection; Worm signature;
DOI
10.3969/j.issn.1000-436x.2014.09.002
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
A polymorphic worm signature generation approach based on seed-extending, SESG, is proposed. First, the SESG algorithm puts all sequences into a queue based on their weight. The seed sequence in the queue is then extended, and the various kinds of worm sequences and noise sequences are classified. Finally, the worm signature is generated from the classified worm sequences. Experiments were run to test SESG and compare it with other approaches. The results show that SESG classifies worm sequences and noise sequences from the suspicious flow pool better than other existing approaches, which makes it easier to generate effective worm signatures.
Pages: 12 / 19
Number of pages: 7
Related papers
28 items in total
[1] Weng W.P., Qing S.H., Jiang J.C., et al., Research and development of internet worms, Journal of Software, 15, 8, pp. 1208-1219, (2004)
[2] He L., Feng D.G., Wang R., et al., Mapreduce-based large-scale online social network worm simulation, Journal of Software, 24, 7, pp. 1666-1682, (2013)
[3] Su F., Lin Z.W., Ma Y., et al., Research on worm propagation model in IPv6 networks, Journal on Communications, 32, 9, pp. 51-60, (2011)
[4] Wu G.Z., Qin Z.G., Research on large-scale P2P worm simulation, Journal on Communications, 32, 8, pp. 128-135, (2011)
[5] Zhang W., Wang R.C., Li P., Worm propagation modeling in cloud security, Journal on Communications, 33, 4, pp. 17-24, (2012)
[6] Liu B., Wang H.M., Xiao F.T., et al., Enhanced-AAWP, a heterogeneous network oriented worm propagation model, Journal on Communications, 32, 12, pp. 103-113, (2011)
[7] Yang F., Duan H.X., Li X., Modeling and analyzing interaction between network worm and antiworm during the propagation process, Science in China Ser E, 34, 8, pp. 841-856, (2004)
[8] Xiao F.T., Hu H.P., Liu B., HPBR: host packet behavior ranking model used in worm detection, Journal on Communications, 29, 10, pp. 108-116, (2008)
[9] Comar P.M., Liu L., Saha S., et al., Combining supervised and unsupervised learning for zero-day malware detection, Proceedings of 32nd Annual IEEE International Conference on Computer Communications (INFOCOM 2013), pp. 2022-2030, (2013)
[10] Kaur R., Singh M., Efficient hybrid technique for detecting zero-day polymorphic worms, 2014 IEEE International Advance Computing Conference (IACC), pp. 95-100, (2014)