Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Wireless telemedicine and m-health: technologies, applications and research issues
International Journal of Sensor Networks
Security and Communication Networks
On effective sampling techniques in host-based intrusion detection in tactical MANET
International Journal of Security and Networks
Accountability and Q-Accountable Logging in Wireless Networks
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
Malicious network traffic, including widespread worm activity, is a growing threat to internet-connected networks and hosts. In this paper, we consider both syntax and semantics based approaches for dynamic network intrusion detection. The semantics-based approach can cope with sophisticated polymorphic and metamorphic worms better than the syntax-based approach. Our contribution in this work is threefold: our syntax-based scheme that uses variable-length partition with multiple breakmarks can detect many polymorphic worms; we believe our semantic-based prototype is the first NIDS that provides semantics-aware capability and our system is more efficient than what is reported by Christodorescu et al. (2005); our designed templates capture polymorphic shellcodes with added sequences of stack and mathematic operations.