Sciweavers

RAID
2005
Springer

Anomalous Payload-Based Worm Detection and Signature Generation

14 years 5 months ago
Anomalous Payload-Based Worm Detection and Signature Generation
New features of the PAYL anomalous payload detection sensor are demonstrated to accurately detect and generate signatures for zero-day worms. Experimental evidence demonstrates that site-specific packet content models are capable of detecting new worms with high accuracy in a collaborative security system. A new approach is proposed that correlates ingress/egress payload alerts to identify the worm’s initial propagation. The method also enables automatic signature generation that can be deployed immediately to network firewalls and content filters to proactively protect other hosts. We also propose a collaborative privacy-preserving security strategy whereby different hosts can exchange PAYL signatures to increase accuracy and mitigate against false positives. The important principle demonstrated is that correlating multiple alerts identifies true positives from the set of anomaly alerts and reduces incorrect decisions producing accurate mitigation.
Ke Wang, Gabriela F. Cretu, Salvatore J. Stolfo
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where RAID
Authors Ke Wang, Gabriela F. Cretu, Salvatore J. Stolfo
Comments (0)