Automated signature generation approach for polymorphic worm based on color coding

abstract

  • Fast and accurate generation of worm signatures is essential for efficiently defending against worm propagation. Most recent signature generation approaches do not generate accurate signatures for polymorphic worms in environments with noise. In this paper, a CCSF (color coding signature finding) algorithm is presented to solve the problem of polymorphic worm signature generation with noise by using color coding. In the CCSF algorithm, n sequences are divided into m groups, and signatures for every group of sequences are generated by color coding. After filtering all signatures, an accurate worm signature is generated. CCSF is evaluated on a range of polymorphic worms. Compared with other existing approaches, CCSF shows distinct advantages in generating accurate signatures for polymorphic worms in the presence of noise. The generated signatures do not contain fragments and can be used conveniently to detect polymorphic worms in an IDS (intrusion detection system). by Institute of Software, the Chinese Academy of Sciences.

published proceedings

  • Ruan Jian Xue Bao/Journal of Software

author list (cited authors)

  • Wang, J., Wang, J. X., & Chen, J. E.

complete list of authors

  • Wang, J; Wang, JX; Chen, JE

publication date

  • October 2010