
Generating Simplified Regular Expression Signatures for Polymorphic Worms

https://doi.org/10.1007/978-3-540-73547-2_49

Journal: Lecture Notes in Computer Science, Autonomic and Trusted Computing, pp. 478–488

Publisher: Springer Berlin Heidelberg

Authors: Yong Tang, Xicheng Lu, Bin Xiao

List of references

  1. Kreibich, C., Crowcroft, J.: Honeycomb - creating intrusion detection signatures using honeypots. In: Proceedings of the Second Workshop on Hot Topics in Networks (Hotnets II), Boston (November 2003)
    https://doi.org/10.1145/972374.972384
  2. Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: USENIX Security Symposium, pp. 271–286 (2004)
  3. Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proc. 6th USENIX OSDI, San Francisco, CA (December 2004)
  4. Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 226–241. IEEE Computer Society Press, Washington (2005)
    https://doi.org/10.1109/SP.2005.15
  5. Crandall, J.R., Su, Z., Wu, S.F., Chong, F.T.: On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In: Proceedings of the 12th ACM conference on Computer and communications security, pp. 235–248. ACM Press, New York (2005)
    https://doi.org/10.1145/1102120.1102152
  6. Li, Z., Sanghi, M., Chen, Y., Kao, M.-Y., Chavez, B.: Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P 2006), IEEE Computer Society Press, Washington (2006)
  7. Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: NDSS (2005)
  8. Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: a basis for building self-protecting servers. In: CCS 2005: Proceedings of the 12th ACM conference on Computer and communications security, pp. 213–222. ACM Press, New York (2005)
    https://doi.org/10.1145/1102120.1102150
  9. Xu, J., Ning, P., Kil, C., Zhai, Y., Bookholt, C.: Automatic diagnosis and response to memory corruption vulnerabilities. In: CCS 2005: Proceedings of the 12th ACM conference on Computer and communications security, pp. 223–234. ACM Press, New York (2005)
    https://doi.org/10.1145/1102120.1102151
  10. Wang, X., Li, Z., Xu, J., Reiter, M.K., Kil, C., Choi, J.Y.: Packet vaccine: black-box exploit detection and signature generation. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security, pp. 37–46. ACM Press, New York (2006)
    https://doi.org/10.1145/1180405.1180412
  11. Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 262–271. ACM Press, New York (2003)
    https://doi.org/10.1145/948109.948145
  12. Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: Proceedings of ACM SIGCOMM 2006, vol. 36, pp. 339–350. ACM Press, New York (2006)
  13. Tang, Y., Chen, S.: Defending against internet worms: A signature-based approach. In: Proceedings of the 24th Annual Conference IEEE INFOCOM 2005 (March 2005)
  14. Gelfand, M.S., Mironov, A., Pevzner, P.: Gene recognition via spliced sequence alignment. Proc. Natl. Acad. Sci. USA 93, 9061–9066 (1996)
    https://doi.org/10.1073/pnas.93.17.9061
  15. Goad, W.B., Kanehisa, M.I.: Pattern recognition in nucleic acid sequences: a general method for finding local homologies and symmetries. Nucleic Acids Research 10, 247–263 (1982)
    https://doi.org/10.1093/nar/10.1.247
  16. Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48, 443–453 (1970)
    https://doi.org/10.1016/0022-2836(70)90057-4
  17. Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Comput. Networks 34(4), 579–595 (2000)
    https://doi.org/10.1016/S1389-1286(00)00139-0
  18. Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An Architecture for Generating Semantics-Aware Signatures. In: Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, pp. 97–112 (August 2005)
    https://doi.org/10.21236/ADA449063

Publications that cite this publication

Specification-Based Intrusion Detection Using Sequence Alignment and Data Clustering

Djibrilla Amadou Kountché, Sylvain Gombault

https://doi.org/10.1007/978-3-319-19210-9_3

2015, Communications in Computer and Information Science, Future Network Systems and Security, pp. 31–46


Investigations of automatic methods for detecting the polymorphic worms signatures

Shadi A. Aljawarneh, Raja A. Moftah, Abdelsalam M. Maatuk

https://doi.org/10.1016/j.future.2016.01.020

2016, Future Generation Computer Systems, pp. 67–77

About this publication

Number of citations: 5
Number of works in the list of references: 18
Journal indexed in Scopus: Yes
Journal indexed in Web of Science: No
