• DocumentCode
    2320796
  • Title

    Accurate signature generation for polymorphic worms using principal component analysis

  • Author

    Mohammed, Mohssen M Z E ; Chan, H. Anthony ; Ventura, Neco ; Hashim, Mohsin ; Amin, Izzeldin ; Bashier, Eihab

  • Author_Institution
    Dept. of Electr. Eng., Univ. of Cape Town, Rondebosch, South Africa
  • fYear
    2010
  • fDate
    6-10 Dec. 2010
  • Firstpage
    1555
  • Lastpage
    1560
  • Abstract
    Internet worms pose a major threat to Internet infrastructure security, and their destruction causes loss of millions of dollars. Therefore, the networks must be protected as much as possible to avoid losses. In this paper we propose an accurate system for signature generation for zero-day polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms that have not been seen before. We apply Principal Component Analysis (PCA) to determine the most significant substrings that are shared between polymorphic worm instances. The experimental results show that the PCA has successfully detected polymorphic worms with zero false positives and zero false negatives.
  • Keywords
    Internet; computer network security; digital signatures; invasive software; principal component analysis; Internet infrastructure security; Internet worm; double honeynet system; principal component analysis; signature generation; zero day polymorphic worm; zero false negatives; zero false positives; honey-net; worms;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    GLOBECOM Workshops (GC Wkshps), 2010 IEEE
  • Conference_Location
    Miami, FL
  • Print_ISBN
    978-1-4244-8863-6
  • Type

    conf

  • DOI
    10.1109/GLOCOMW.2010.5700200
  • Filename
    5700200