Detection of Worm Propagation Engines in the System Call Domain using Colored Petri Nets

3 Author(s)
Tokhtabayev, A.G. ; Center for Adv. Inf. Technol., Binghamton Univ., Binghamton, NY ; Skormin, V.A. ; Dolgikh, A.M.

While network worms carry various payloads and may utilize any available exploits, they all have one common component - the propagation engine. Moreover, it is important to note that the number of conceptually distinct propagation engines employed by existing network worms is quite limited. This paper presents a novel signature-based approach for detecting attacks perpetrated by network worms as a manifestation of a semantic functionality performed by one of the few known propagation engines. We propose a novel methodology to recognize any semantic functionality in the system call domain through utilizing colored Petri Nets. In this application, Petri Nets embody behavior-based signatures of the propagation engine functionalities. These signatures are indicative of the shell code activity in the first stage of the worm proliferation. We developed, tested and evaluated a propagation engine detector (PED) system that detects activity of the worm shell code executed by a process during an attack. Moreover, PED is able to recognize the type of propagation engine employed by the attacking worm.

Published in:

Performance, Computing and Communications Conference, 2008. IPCCC 2008. IEEE International

Date of Conference:

7-9 Dec. 2008