Real-time malware detection framework in intrusion detection systems

Authors:
SunWoo Kim;TaeGuen Kim;Eul Gyu Im
Affiliations:
Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea;Hanyang University, Seoul, Korea
Venue:
Proceedings of the 2013 Research in Adaptive and Convergent Systems
Year:
2013

Citing 3
Cited 0

Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Malware Defense Using Network Security Authentication

IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
Malware detection system by payload analysis of network traffic (poster abstract)

RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses

Quantified Score

Hi-index	0.00

Visualization

Abstract

We suggest an efficient framework to detect malware in Intrusion Detection System (IDS). The framework generates signatures from malware families and generates corresponding detection rules. The generated signatures are not influenced by small changes of malware while they can be used to detect malware that has similar behaviors with normal programs. Our signatures are stored as an Aho-Corasick Tree form to improve signature matching performance in IDS.