Title :
Fast Automated Signature Generation for Polymorphic Worms Using Double-Honeynet
Author :
Mohammed, Mohssen M Z E ; Chan, H. Anthony
Author_Institution :
Dept. of Electr. Eng., Univ. of Cape Town, Cape Town
Abstract :
Polymorphic worms evade signature-based intrusion detection systems (IDSs) by varying their payloads on every infection attempt. In this paper, we propose a system for automated signature generation for polymorphic worms. We design a novel double-honeynet system which is able to automatically detect unknown polymorphic worms. We propose signatures with multiple substrings to match most of the worm instances with low false positives and low false negatives. Our system applies signature-based detection, protocol anomaly detection, and protocol semantics awareness to the network traffic that is captured by the double-honeynet.
Keywords :
digital signatures; invasive software; protocols; telecommunication traffic; double-honeynet system; fast automated signature generation; network traffic; polymorphic worms; protocol anomaly detection; protocol semantics awareness; signature-based intrusion detection systems; Africa; Broadband communication; Cities and towns; Communication system traffic control; Information technology; Intrusion detection; Payloads; Protocols; Telecommunication traffic; Web and internet services;
Conference_Title :
Broadband Communications, Information Technology & Biomedical Applications, 2008 Third International Conference on
Conference_Location :
Gauteng
Print_ISBN :
978-1-4244-3281-3
Electronic_ISBN :
978-0-7695-3453-4
DOI :
10.1109/BROADCOM.2008.21