By Topic

An automatic, prompt, and accurate exploit-based method to generate polymorphic worm's signature

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Ramadass, S. ; NAV6 Center of Excellence, Univ. Sains Malaysia USM, Minden, Malaysia ; Abdulla, S.A. ; Altyeb, A.A.

Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload's variation operation is performed by using built-in self content encryptor. However, all encrypted payloads share the same invariant exploit code to ensure exploiting same vulnerability in same manner on all victims. This research paper is an endeavor to interpret the invariant part into signature. The basic idea of the proposed method is to assemble attacking payloads on a honeypot, and then extracting the worm's signature by using a matching technique. The experiments were conducted on two datasets, Witty worm's payloads and synthetic payloads, and have demonstrated promising results.

Published in:

Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on

Date of Conference:

28-30 Oct. 2011