Title : 
Polymorphic Worm Detection by Analyzing Maximum Length of Instruction Sequence in Network Packets
         
        
            Author : 
Tatara, Kohei ; Hori, Yoshiaki ; Sakurai, Kouichi
         
        
            Author_Institution : 
Grad. Sch. of Inf. Sci. & Electr. Eng., Kyushu Univ., Kyushu
         
        
        
        
        
        
            Abstract : 
An intrusion detection system records a worm's signature and uses it to detect attacks lurking in traffic. However, to detect a worm that modifies and changes parts of itself, a highly accurate detection technique is required for distinguishing code in traffic that appears to be a worm. In this paper, we focus on Toth et al.'s method, which extracts the executable code contained in data flows on the network and detects attacks by measuring its length. We then describe the problem with their method and how to solve it.
         
        
            Keywords : 
computer networks; invasive software; telecommunication security; telecommunication traffic; data flow; intrusion detection system; maximum instruction sequence length; network packet; network traffic; polymorphic worm detection; worm signature; Availability; Cryptography; Electrostatic precipitators; Engines; Information analysis; Information science; Information security; Length measurement; Payloads; Proposals; Abstract Payload Execution; Intrusion Detection; Polymorphic Worm;
         
        
        
        
            Conference_Title : 
Availability, Reliability and Security, 2009. ARES '09. International Conference on
         
        
            Conference_Location : 
Fukuoka
         
        
            Print_ISBN : 
978-1-4244-3572-2
         
        
            Electronic_ISBN : 
978-0-7695-3564-7
         
        
        
            DOI : 
10.1109/ARES.2009.103