Sciweavers

INFOCOM
2006
IEEE

A Quasi-Species Approach for Modeling the Dynamics of Polymorphic Worms

14 years 6 months ago
A Quasi-Species Approach for Modeling the Dynamics of Polymorphic Worms
— Polymorphic worms can change their byte sequence as they replicate and propagate, thwarting the traditional signature analysis techniques used by many intrusion detection systems (IDSes). As the incidence of such worms becomes more frequent, it is important to understand their behavior and interaction with the IDSes in order to develop effective strategies to control their propagation. In this paper, we propose a model based on coevolution of biological quasi-species to characterize the propagation of polymorphic worms and the effects of dynamic IDSes which improve their detection capability with time. The model is used to derive the maximum allowable response time of the IDS in order to contain the worm and the optimal mutation rate the worm should use in order to escape an IDS with a given response time. The observations from the model are validated using simulations with the ADMmutate polymorphic engine.
Bradley Stephenson, Biplab Sikdar
Added 11 Jun 2010
Updated 11 Jun 2010
Type Conference
Year 2006
Where INFOCOM
Authors Bradley Stephenson, Biplab Sikdar
Comments (0)