Title :
A Fast Method of Signature Generation for Polymorphic Worms
Author :
Zhang, Jia ; Duan, Haixin ; Wang, Lanjia ; Guan, Yuntao ; Wu, Jianping
Author_Institution :
Network Res. Center, Tsinghua Univ., Beijing
Abstract :
With the development of polymorphic worms, worms do greater harm to networks. Content-based signature generation for polymorphic worms has been a challenge for network security. This paper presents a fast signature generation method for polymorphic worms. The main feature of this method is clustering normal network traffic to create a white list before carrying out a comprehensive analysis of malicious traffic. Compared with other methods, this approach avoids the large number of comparisons with the normal network traffic pool because of the white list. It is proved by experiments that our approach has good noise-tolerant capability and high efficiency, and that signatures generated by our method have high accuracy.
Keywords :
digital signatures; invasive software; telecommunication traffic; clustering network normal traffic; content-based signature generation; malicious traffic; network security; noise-tolerant capability; polymorphic worms; Clustering algorithms; Clustering methods; Computer networks; Computer worms; Cryptography; Data mining; Filtration; Intrusion detection; Noise generators; Telecommunication traffic; Network security; Signature generation; Worm detection
Conference_Title :
Computer and Electrical Engineering, 2008. ICCEE 2008. International Conference on
Conference_Location :
Phuket
Print_ISBN :
978-0-7695-3504-3
DOI :
10.1109/ICCEE.2008.33