2009 11th IEEE International Conference on High Performance Computing and Communications
Polymorphic Worm Detection Using Signatures Based on Neighborhood Relation
Seoul, Korea
June 25-June 27
ISBN: 978-0-7695-3738-2
BibTeX:
@article{ 10.1109/HPCC.2009.59,
  author = {Jie Wang and Jianxin Wang and Yu Sheng and Jianer Chen},
  title = {Polymorphic Worm Detection Using Signatures Based on Neighborhood Relation},
  journal = {High Performance Computing and Communication & IEEE International Conference on Embedded Software and Systems, IEEE International Conference on},
  volume = {0},
  year = {2009},
  isbn = {978-0-7695-3738-2},
  pages = {347-353},
  doi = {http://doi.ieeecomputersociety.org/10.1109/HPCC.2009.59},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HPCC.2009.59
In recent years, worm signatures have had difficulty detecting polymorphic worms because these worms can change their patterns dynamically. In this paper, a class of neighborhood-relation signatures (NRS) is proposed, including 1-NRS, 2-NRS and (1,2)-NRS. NRS can be used for detecting polymorphic worms since these worms often retain the same relationship between bytes while changing their patterns. Two signature generation algorithms, based on Expectation-Maximization (EM) and Gibbs Sampling, are designed to generate NRS. We perform extensive experiments to demonstrate the effectiveness of NRS and the correctness of the signature generation process. Experimental results show that our approach to defending against polymorphic worms based on NRS is more effective than other approaches based on existing signatures.
Citation:
Jie Wang, Jianxin Wang, Yu Sheng, Jianer Chen, "Polymorphic Worm Detection Using Signatures Based on Neighborhood Relation," hpcc-icess, pp.347-353, 2009 11th IEEE International Conference on High Performance Computing and Communications, 2009
