To prevent worms from propagating rapidly, it is essential to generate worm signatures quickly and accurately. However, most recent approaches cannot generate accurate signatures for polymorphic worms in environments with noise. In this paper, we present a signature generation algorithm for polymorphic worms based on color coding, named CCSF (Color Coding Signature Finding). CCSF divides n sequences into m groups, each containing 20 sequences. First, CCSF generates signatures for each group using color coding and filters them. Then all retained signatures are clustered to eliminate redundant substrings. With this approach, signatures can be generated without any fragments in environments with noise, and they can be used in an IDS (Intrusion Detection System) to detect polymorphic worms. We perform extensive experiments to demonstrate the effectiveness of our approach. The experimental results show distinct advantages over other existing approaches in generating accurate signatures.