Title :
Fast and accurate detection for polymorphic worms
Author :
Mohammed, Mohssen M Z E ; Chan, H. Anthony ; Ventura, Neeo ; Hashim, Mohsin ; Bashier, Eihab
Author_Institution :
Dept. of Electr. Eng., Univ. of Cape Town Rondebosch, Cape Town, South Africa
Abstract :
Computer worms pose a real threat to Internet security, and their automatic nature makes them powerful and destructive. In this paper we propose a fast and accurate detection system for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Principal Component Analysis (PCA) to reduce the dimension of worm payloads such that only the most probable signatures of the worm will be obtained. The experimental results show that the PCA has successfully detected polymorphic worms with zero false positives and low false negatives.
Keywords :
Internet; invasive software; principal component analysis; Internet security; accurate detection system; computer worms; double-honeynet system; principal component analysis; zero-day polymorphic worms; Grippers; Logic gates;
Conference_Title :
Internet Technology and Secured Transactions (ICITST), 2010 International Conference for
Conference_Location :
London
Print_ISBN :
978-1-4244-8862-9
Electronic_ISBN :
978-0-9564263-6-9