DocumentCode :
2314121
Title :
Detect Polymorphic Worms Based on Semantic Signature and Data-Mining
Author :
Wei, Wang ; Dai-sheng, Luo ; Jianmin, Zhang
Author_Institution :
Inst. of Image Info., Sichuan Univ., Chengdu
fYear :
2006
fDate :
25-27 Oct. 2006
Firstpage :
1
Lastpage :
4
Abstract :
In recent years, Internet worms have increasingly threatened Internet hosts and services, and polymorphic worms can evade signature-based intrusion detection systems. In this paper, we propose new methods to detect polymorphic worms based on semantic signature and data-mining. The main contributions of this work are as follows: (1) We propose a worm attack model - the OSJUMP model. (2) Based on the attack model, we analyse the features of polymorphic worms and the features of perfect ones. (3) We propose methods to detect worms by recognizing the JUMP address based on data-mining such as Bayes and ANN. We evaluate some famous worms and polymorphic ones generated from them. The results show that false negatives and performance improved a lot compared to signature-based IDSs.
Keywords :
Bayes methods; Internet; data mining; invasive software; neural nets; ANN; Bayes; Internet worms; JUMP address; OSJUMP model; data mining; polymorphic worms; semantic signature; signature-based intrusion detection systems; worm attack model; Buffer overflow; Cryptography; Databases; Engines; Intrusion detection; Payloads; Performance analysis; Protocols; Telecommunication traffic; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications and Networking in China, 2006. ChinaCom '06. First International Conference on
Conference_Location :
Beijing
Print_ISBN :
1-4244-0463-0
Electronic_ISBN :
1-4244-0463-0
Type :
conf
DOI :
10.1109/CHINACOM.2006.344904
Filename :
4149869