Generating Simplified Regular Expression Signatures for Polymorphic Worms
https://doi.org/10.1007/978-3-540-73547-2_49
Journal: Lecture Notes in Computer Science, Autonomic and Trusted Computing, p. 478-488
Publisher: Springer Berlin Heidelberg
Authors: Yong Tang, Xicheng Lu, Bin Xiao
List of references
- Kreibich, C., Crowcroft, J.: Honeycomb - creating intrusion detection signatures using honeypots. In: Proceedings of the Second Workshop on Hot Topics in Networks (Hotnets II), Boston (November 2003). https://doi.org/10.1145/972374.972384
- Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: USENIX Security Symposium, pp. 271–286 (2004)
- Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proc. 6th USENIX OSDI, San Francisco, CA (December 2004)
- Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 226–241. IEEE Computer Society Press, Washington (2005). https://doi.org/10.1109/SP.2005.15
- Crandall, J.R., Su, Z., Wu, S.F., Chong, F.T.: On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 235–248. ACM Press, New York (2005). https://doi.org/10.1145/1102120.1102152
- Li, Z., Sanghi, M., Chen, Y., Kao, M.-Y., Chavez, B.: Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P 2006), IEEE Computer Society Press, Washington (2006)
- Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: NDSS (2005)
- Liang, Z., Sekar, R.: Fast and automated generation of attack signatures: a basis for building self-protecting servers. In: CCS 2005: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 213–222. ACM Press, New York (2005). https://doi.org/10.1145/1102120.1102150
- Xu, J., Ning, P., Kil, C., Zhai, Y., Bookholt, C.: Automatic diagnosis and response to memory corruption vulnerabilities. In: CCS 2005: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 223–234. ACM Press, New York (2005). https://doi.org/10.1145/1102120.1102151
- Wang, X., Li, Z., Xu, J., Reiter, M.K., Kil, C., Choi, J.Y.: Packet vaccine: black-box exploit detection and signature generation. In: CCS 2006: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 37–46. ACM Press, New York (2006). https://doi.org/10.1145/1180405.1180412
- Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: CCS 2003: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 262–271. ACM Press, New York (2003). https://doi.org/10.1145/948109.948145
- Kumar, S., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: Proceedings of ACM SIGCOMM 2006, vol. 36, pp. 339–350. ACM Press, New York (2006)
- Tang, Y., Chen, S.: Defending against Internet worms: A signature-based approach. In: Proceedings of the 24th Annual Conference IEEE INFOCOM 2005 (March 2005)
- Gelfand, M.S., Mironov, A., Pevzner, P.: Gene recognition via spliced sequence alignment. In: Proc. Natl. Acad. Sci. USA, pp. 9061–9066 (1996). https://doi.org/10.1073/pnas.93.17.9061
- Goad, W.B., Kanehisa, M.I.: Pattern recognition in nucleic acid sequences: a general method for finding local homologies and symmetries. Nucleic Acids Research 10, 247–263 (1982). https://doi.org/10.1093/nar/10.1.247
- Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48, 443–453 (1970). https://doi.org/10.1016/0022-2836(70)90057-4
- Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Comput. Networks 34(4), 579–595 (2000). https://doi.org/10.1016/S1389-1286(00)00139-0
- Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An Architecture for Generating Semantics-Aware Signatures. In: Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, pp. 97–112 (August 2005). https://doi.org/10.21236/ADA449063
Publications that cite this publication
- Djibrilla Amadou Kountché, Sylvain Gombault: Specification-Based Intrusion Detection Using Sequence Alignment and Data Clustering. In: Communications in Computer and Information Science, Future Network Systems and Security, p. 31-46 (2015). https://doi.org/10.1007/978-3-319-19210-9_3
- Shadi A. Aljawarneh, Raja A. Moftah, Abdelsalam M. Maatuk: Investigations of automatic methods for detecting the polymorphic worms signatures