An Automated Signature Generation Approach for Polymorphic Worm Based on Color Coding Conference Paper

abstract

• In order to prevent worms from propagating rapidly, it is essential to generate worm signatures quickly and accurately. However, most of recent approaches can not generate accurate signatures for polymorphic worms in environments with noise. In this paper, we present a signature generation algorithm, namely CCSF (Color Coding Signature Finding), for polymorphic worms based on color coding. CCSF divides n sequences into m groups and each group contains 20 sequences. Firstly, CCSF generates signatures for each group by adopting color coding and filters them. Then all reserved signatures are clustered to get rid of redundant substrings. In this approach, signature can be generated without any fragment in environments with noise, and it can be used in IDS (Intrusion Detection System) to detect polymorphic worm. We perform extensive experiments to demonstrate the effectiveness of our approach. Experiment results show distinct advantages in generating accurate signatures over other existed approaches. 2009 IEEE.

name of conference

• 2009 IEEE International Conference on Communications

authors

• Chen, Jianer
• Zhang, Xi

published proceedings

• 2009 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-8

author list (cited authors)

• Wang, J., Wang, J., Chen, J., & Zhang, X. i.

citation count

• 6

complete list of authors

• Wang, Jie||Wang, Jianxin||Chen, Jianer||Zhang, Xi

publication date

• June 2009

publisher

• Institute of Electrical and Electronics Engineers (IEEE)  Publisher

published in

• 2013 National Conference on Communications, NCC 2013  Journal

Digital Object Identifier (DOI)

• 10.1109/icc.2009.5198721

International Standard Book Number (ISBN) 13

• 978-1-4244-3434-3

start page

• 926

end page

• +

URL

• http%3A%2F%2Fdx.doi.org%2F10.1109%2Ficc.2009.5198721