Title :
Polymorphic Worm Detection Using Double-Honeynet
Author :
Mohammed, Mohssen M Z E ; Chan, H. Anthony ; Ventura, Neco ; Hashim, Mohsim ; Amin, Izzeldin
Author_Institution :
Electr. Eng. Department, Cape Town Univ., Cape Town, South Africa
Abstract :
Internet worms are increasing every year, and they increasingly threaten the availability and integrity of Internet-based services. Polymorphic worms evade signature-based Intrusion Detection Systems (IDSs) by varying their payload on every infection attempt. In this paper, we propose a system for automated signature generation for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. The system is based on an efficient algorithm that uses the worms' binary representation for pattern matching. The system is able to generate accurate signatures for single and multiple worms.
Keywords :
Internet; digital signatures; invasive software; pattern matching; Internet worms; Internet-based services; automated signature generation; double-honeynet system; pattern matching; polymorphic worm detection; signature-based intrusion detection system; worm binary representation; zero-day polymorphic worms; Africa; Cities and towns; Computer worms; Electronic mail; Information security; Intrusion detection; Payloads; Software engineering; Viruses (medical); Web and internet services; Honeynet; Internet security; Polymorphic worms;
Conference_Title :
Software Engineering Advances, 2009. ICSEA '09. Fourth International Conference on
Conference_Location :
Porto
Print_ISBN :
978-1-4244-4779-4
Electronic_ISBN :
978-0-7695-3777-1
DOI :
10.1109/ICSEA.2009.64