Computer worms pose a real threat to Internet security, and their automatic nature makes them powerful and destructive. In this paper we propose a fast and accurate detection system for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Principal Component Analysis (PCA) to reduce the dimension of worm payloads such that only the most probable signatures of the worm are obtained. The experimental results show that PCA successfully detected polymorphic worms with zero false positives and low false negatives.
Date of Conference: 8-11 Nov. 2010