Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICSE
2008
IEEE-ACM
2008
IEEE-ACM
LISABETH: automated content-based signature generator for zero-day polymorphic worms
Modern worms can spread so quickly that any countermeasure based on human reaction might not be fast enough. Recent research has focused on devising algorithms to automatically produce signature for polymorphic worms, required by Intrusion Detection Systems. However, polymorphic worms are more complex than non-mutating ones as they also require the identification of mutated instances. To this end, we propose Lisabeth, our improved version of Hamsa, an automated content-based signature generation system for polymorphic worms that uses invariant bytes analysis of network traffic content. We show an unknown attack to Hamsa's signature generator that is contrasted by Lisabeth. Moreover, we show that our approach is able to generally improve the resilience to poisoning attacks as supported by our experiments with synthetic polymorphic worms. Categories and Subject Descriptors K.6.5 [Computing Milieux]: Security and Protection-Invasive software General Terms Security
Real-time Traffic| Added | 09 Dec 2009 |
| Updated | 09 Dec 2009 |
| Type | Conference |
| Year | 2008 |
| Where | ICSE |
| Authors | Lorenzo Cavallaro, Andrea Lanzi, Luca Mayer, Mattia Monga |
Comments (0)
Researcher Info
|
