Skip to Main Content

IEEE.org| IEEE Xplore Digital Library| IEEE Standards| IEEE Spectrum| More Sites

Cart (Loading....) | Create Account | Sign In

Author Search^beta | Advanced Search | Preferences | | More Search Options

Browse Conference Publications > E-Business and Information Sy ...

A Novel Hybrid Method for Polymorphic Worm Detection

Full Text Sign-In or Purchase

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Username

Password

Purchase PDF
Other Formats

Formats	Non-Member	Member
PDF	$31	$13

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

Already Purchased? View Article
Subscription Options Learn More

3 Author(s)

Pan Xiaohui ; Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China (UESTC), Chendu ; Zhang Xiaosong ; Chen Ting

Since worms have become a major threat of cybersecurity, several detection approaches have been proposed to detect them. However, attackers have exploited state-of-the-art techniques to evade these detection systems, such as polymorphism and metamorphism, making existing systems ineffective. In this paper, we propose a hybrid method for the detection of polymorphic worms. It uses improved reverse sequential hypothesis testing (RSHT) to detect portscans which are routinely used to find vulnerable hosts to compromise. Then a CPU emulator is used to execute every possible instruction sequence in suspicious traffic and determine whether it is an exploit code. We implemented a prototype and tested it using real polymorphic worms. Initial experimental results show that our approach is effective with high accuracy.

Published in:
E-Business and Information System Security, 2009. EBISS '09. International Conference on

Date of Conference: 23-24 May 2009

Page(s):: 1 - 5
E-ISBN :: 978-1-4244-2910-3
Print ISBN:: 978-1-4244-2909-7
INSPEC Accession Number:: 10734795

Conference Location :: Wuhan
Digital Object Identifier :: 10.1109/EBISS.2009.5137885
Product Type:: Conference Publications

Author(s)

Pan Xiaohui
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China (UESTC), Chendu
Zhang Xiaosong ; Chen Ting

INSPEC: CONTROLLED INDEXING

heuristic programming

invasive software

INSPEC: NON CONTROLLED INDEXING

CPU emulator

cybersecurity

exploit code

instruction sequence

metamorphism

polymorphic worm detection

polymorphism

portscans

reverse sequential hypothesis testing

IEEE TERMS

Bandwidth

Computer science

Computer security

Computer worms

Emulation

Intrusion detection

Prototypes

Sequential analysis

Telecommunication traffic

Testing

Referenced Items are not available for this document.

No versions found for this document.

Standards Dictionary Terms are available to subscribers only.

| Create Account

IEEE Account

Purchase Details

Profile Information

Need Help?

US & Canada: +1 800 678 4333
Worldwide: +1 732 981 0060
Contact & Support

IEEE Advancing Technology for Humanity

About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.