Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Zhichun Li Articles by Manan Sanghi Articles by Yan Chen Articles by Ming-Yang Kao Articles by Brian Chavez

2006 IEEE Symposium on Security and Privacy (S&P'06)

Berkeley/Oakland, California

May 21-May 24

ISBN: 0-7695-2574-1

	ASCII Text	x
	Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao, Brian Chavez, "Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience," Security and Privacy, IEEE Symposium on, pp. 32-47, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.

	BibTex	x
	@article{ 10.1109/SP.2006.18, author = {Zhichun Li and Manan Sanghi and Yan Chen and Ming-Yang Kao and Brian Chavez}, title = {Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1081-6011}, pages = {32-47}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2006.18}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience SN - 1081-6011 SP32 EP47 A1 - Zhichun Li, A1 - Manan Sanghi, A1 - Yan Chen, A1 - Ming-Yang Kao, A1 - Brian Chavez, PY - 2006 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Zhichun Li, Northwestern University, Evanston, IL

Manan Sanghi, Northwestern University, Evanston, IL

Yan Chen, Northwestern University, Evanston, IL

Ming-Yang Kao, Northwestern University, Evanston, IL

Brian Chavez, Northwestern University, Evanston, IL

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.18

Zero-day polymorphic worms pose a serious threat to the security of Internet infrastructures. Given their rapid propagation, it is crucial to detect them at edge networks and automatically generate signatures in the early stages of infection. Most existing approaches for automatic signature generation need host information and are thus not applicable for deployment on high-speed network links. In this paper, we propose Hamsa, a network-based automated signature generation system for polymorphic worms which is fast, noise-tolerant and attack-resilient. Essentially, we propose a realistic model to analyze the invariant content of polymorphic worms which allows us to make analytical attack-resilience guarantees for the signature generation algorithm. Evaluation based on a range of polymorphic worms and polymorphic engines demonstrates that Hamsa significantly outperforms Polygraph [16] in terms of efficiency, accuracy, and attack resilience.

Citation:

Zhichun Li, Manan Sanghi, Yan Chen, Ming-Yang Kao, Brian Chavez, "Hamsa: Fast Signature Generation for Zero-day PolymorphicWorms with Provable Attack Resilience," sp, pp.32-47, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.