How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
Defense and Detection Strategies against Internet Worms
Defense and Detection Strategies against Internet Worms
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
MisleadingWorm Signature Generators Using Deliberate Noise Injection
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Paragraph: thwarting signature learning by training maliciously
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Companion of the 30th international conference on Software engineering
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Graph based signature classes for detecting polymorphic worms via content analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
Toward early warning against Internet worms based on critical-sized networks
Security and Communication Networks
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Modern worms can spread so quickly that any countermeasure based on human reaction might not be fast enough. Recent research has focused on devising algorithms to automatically produce signature for polymorphic worms, required by Intrusion Detection Systems. However, polymorphic worms are more complex than non-mutating ones as they also require the identification of mutated instances. To this end, we propose Lisabeth, our improved version of Hamsa, an automated content-based signature generation system for polymorphic worms that uses invariant bytes analysis of network traffic content. We show an unknown attack to Hamsa's signature generator that is contrasted by Lisabeth. Moreover, we show that our approach is able to generally improve the resilience to poisoning attacks as supported by our experiments with synthetic polymorphic worms.