An automatic, prompt, and accurate exploit-based method to generate polymorphic worm's signature

An automatic, prompt, and accurate exploit-based method to generate polymorphic worm's signature

Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload's variation operation is performed by using built-in self content encryptor. However, all encrypted payloads share the same invariant exploit code to ensure exploiting sam...

Full description

Saved in:
Bibliographic Details
Published in:2011 4th IEEE International Conference on Broadband Network and Multimedia Technology pp. 37 - 41
Main Authors: Ramadass, S., Abdulla, S. A., Altyeb, A. A.
Format: Conference Proceeding
Language:English
Published: IEEE 01-10-2011
Subjects:
Algorithms
Computers
Cryptography
exploit code
Grippers
intrusion detection systems
Payloads
Software
synthetic worms
worm signature
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Polymorphic worms evade network security systems by varying their payload every time an infection is attempted. The payload's variation operation is performed by using built-in self content encryptor. However, all encrypted payloads share the same invariant exploit code to ensure exploiting same vulnerability in same manner on all victims. This research paper is an endeavor to interpret the invariant part into signature. The basic idea of the proposed method is to assemble attacking payloads on a honeypot, and then extracting the worm's signature by using a matching technique. The experiments were conducted on two datasets, Witty worm's payloads and synthetic payloads, and have demonstrated promising results.
ISBN:9781612841588
1612841589
DOI:10.1109/ICBNMT.2011.6155891