Please use this identifier to cite or link to this item:
https://repository.cihe.edu.hk/jspui/handle/cihe/1372
Title: | Fast automated signature generation for polymorphic worms using double-honeynet |
Author(s): | Chan, Anthony Hing-Hung |
Author(s): | Mohammed, M. M. Z. E. |
Issue Date: | 2008 |
Publisher: | IEEE |
Related Publication(s): | Proceedings of the 2008 Third International Conference on Broadband Communications, Information Technology & Biomedical Applications (BROADCOM) |
Start page: | 142 |
End page: | 147 |
Abstract: | Polymorphic worms evade signature-based intrusion detection systems (IDSs) by varying their payloads on every infection attempt. In this paper, we propose a system for automated signature generation for polymorphic worms. We design a novel double-honeynet system which is able to automatically detect unknown polymorphic worms. We propose signatures with multiple substrings to match most of the worm instances with low false positives and low false negatives. Our system applies signature-based detection, protocol anomaly detection, and protocol semantics awareness to the network traffic that is captured by the double-honeynet. |
URI: | https://repository.cihe.edu.hk/jspui/handle/cihe/1372 |
DOI: | 10.1109/BROADCOM.2008.21 |
CIHE Affiliated Publication: | No |
Appears in Collections: | CIS Publication |