Internet worms pose a major threat to Internet infrastructure security, and the destruction they cause results in losses of millions of dollars. Networks must therefore be protected as much as possible to avoid these losses. In this paper we propose an accurate system for signature generation for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Principal Component Analysis (PCA) to determine the most significant substrings that are shared between polymorphic worm instances. The experimental results show that PCA successfully detected polymorphic worms with zero false positives and zero false negatives.
GLOBECOM Workshops (GC Wkshps), 2010 IEEE
Date of Conference: 6-10 Dec. 2010