Title :
A Novel Hybrid Method for Polymorphic Worm Detection
Author :
Pan Xiaohui ; Zhang Xiaosong ; Chen Ting
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China (UESTC), Chengdu
Abstract :
Since worms have become a major threat to cybersecurity, several approaches have been proposed to detect them. However, attackers have adopted state-of-the-art evasion techniques such as polymorphism and metamorphism, rendering existing detection systems ineffective. In this paper, we propose a hybrid method for the detection of polymorphic worms. It uses improved reverse sequential hypothesis testing (RSHT) to detect portscans, which worms routinely use to find vulnerable hosts to compromise. A CPU emulator is then used to execute every possible instruction sequence in the suspicious traffic and determine whether it is exploit code. We implemented a prototype and tested it using real polymorphic worms. Initial experimental results show that our approach is effective with high accuracy.
Keywords :
heuristic programming; invasive software; CPU emulator; cybersecurity; exploit code; instruction sequence; metamorphism; polymorphic worm detection; polymorphism; portscans; reverse sequential hypothesis testing; Bandwidth; Computer science; Computer security; Computer worms; Emulation; Intrusion detection; Prototypes; Sequential analysis; Telecommunication traffic; Testing;
Conference_Title :
E-Business and Information System Security, 2009. EBISS '09. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-2909-7
Electronic_ISBN :
978-1-4244-2910-3
DOI :
10.1109/EBISS.2009.5137885