An Automated Signature-Based Approach against Polymorphic Internet Worms Yong Tang; Shigang Chen; IEEE Transactions on Parallel and Distributed Systems,

Presentation transcript:

An Automated Signature-Based Approach against Polymorphic Internet Worms. Yong Tang; Shigang Chen; IEEE Transactions on Parallel and Distributed Systems, Vol. 18, No. 7, July. Reporter: Luo Sheng-Yuan, 2009/04/09

Outline: Introduction; Related Work; Proposed Scheme; Experiments Result; Conclusion

Introduction: Worms represent a major threat to the Internet. A worm may use polymorphism techniques to evade detection by current defense systems. The paper proposes the Position-Aware Distribution Signature (PADS) and computes a PADS from a set of polymorphic worm samples.

Related Work: Signature-based ▫ Longest Common Substrings (figure: the substrings shared by Payload 1 and Payload 2)
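Added example, not from the paper or the presentation: the longest-common-substring signature that this slide contrasts with PADS, run over constructed payloads. The first set carries an identical core inside different surrounding bytes; the second substitutes one byte in the middle of that core, and the common substring drops to the longer of the two remaining fragments. The "worm core" bytes are constructed for the example.

```python
CORE = b"ATTACK-CORE-BYTES"   # constructed invariant region, 17 bytes

# Constructed payloads: the same core with different surrounding bytes.
IDENTICAL = [
    b"\x11\x22" + CORE + b"\x33",
    b"\x44" + CORE + b"\x55\x66",
    CORE + b"\x77",
]
# One variant substitutes byte 8 of the core ('O' -> '0').
SUBSTITUTED = [
    IDENTICAL[0],
    b"\x44" + CORE[:8] + b"0" + CORE[9:] + b"\x55\x66",
    IDENTICAL[2],
]


def longest_common_substring(payloads):
    """Longest byte string present in every payload (ties go to the earliest
    occurrence in the shortest payload).  Brute force over substrings of the
    shortest payload; fine for a handful of short samples."""
    shortest = min(payloads, key=len)
    for length in range(len(shortest), 0, -1):
        for start in range(len(shortest) - length + 1):
            candidate = shortest[start:start + length]
            if all(candidate in p for p in payloads):
                return candidate
    return b""


if __name__ == "__main__":
    print(longest_common_substring(IDENTICAL))    # b'ATTACK-CORE-BYTES'
    print(longest_common_substring(SUBSTITUTED))  # b'ATTACK-C'
```

A single substituted byte halves the signature; with a few more substitutions spread through the core, the longest common substring becomes too short to be a usable signature, which is the weakness the paper's position-aware distribution is meant to address.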

Related Work: Anomaly-based ▫ Byte Frequency Distribution

Related Work: Polymorphism Techniques ▫ Self-encryption ▫ Garbage-code Insertion ▫ Instruction-substitution ▫ Code-transposition ▫ Register-reassignment

Related Work: Variants of a polymorphic worm (figure)

Proposed Scheme: Position-Aware Distribution Signature (PADS)

Proposed Scheme: Payload Matching against PADS (figure: a Payload and its Significant Region)

Proposed Scheme: Compute PADS from captured worm samples ▫ Expectation-Maximization Algorithm (figure: Sample 1 ... Sample n, each with its Significant Region)

Proposed Scheme: Compute PADS from captured worm samples ▫ Gibbs Sampling Algorithm (figure: Sample 1 ... Sample n)
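Added example (not the paper's or the presenter's code) covering the three Proposed Scheme slides in one small Python model. `build_pads` estimates one byte distribution per position of a fixed-width significant region from aligned samples; `match_score` slides the signature over a payload and scores each offset by the mean log-likelihood ratio of the window bytes against a uniform background (the uniform background is an assumption of this example); `em_pads` is a hard-EM loop that re-aligns each sample to its best-scoring offset and recomputes the signature until the alignment stops changing. The worm core, the polymorphic variants and the benign payload are all constructed with a seeded RNG, and the EM loop starts from a rough alignment perturbed by up to two bytes; with unknown offsets a real implementation needs several random starts, because hard EM can settle in a local optimum. The Gibbs-sampling variant of slide 11 is not implemented.

```python
import math
import random

ALPHABET = 256
WIDTH = 16  # length of the significant region the signature covers
# Constructed invariant region of a fictitious worm; no byte repeats within
# four positions, so shifted alignments do not look like partial matches.
CORE = b"CORE-SIGNATURE!x"


def build_pads(samples, positions, width):
    """One byte distribution per position of the region starting at
    positions[i] in samples[i].  Laplace smoothing (count 1 for every byte
    value) keeps a single substituted byte from zeroing a whole match."""
    sig = []
    for j in range(width):
        counts = [1] * ALPHABET
        for s, pos in zip(samples, positions):
            counts[s[pos + j]] += 1
        total = sum(counts)
        sig.append([c / total for c in counts])
    return sig


def match_score(payload, sig):
    """Slide the signature over the payload.  Score at an offset = mean over
    positions of log(p_j(byte) / background), with a uniform background
    (assumption of this example).  Returns the best (score, offset)."""
    width = len(sig)
    best, best_off = -math.inf, 0
    for off in range(len(payload) - width + 1):
        score = sum(math.log(sig[j][payload[off + j]] * ALPHABET)
                    for j in range(width)) / width
        if score > best:
            best, best_off = score, off
    return best, best_off


def em_pads(samples, width, initial_positions, max_iter=20):
    """Hard EM.  E-step: re-align every sample to its best-scoring offset
    under the current signature.  M-step: recompute the signature from the
    new alignment.  Stops when the alignment no longer changes."""
    positions = list(initial_positions)
    sig = build_pads(samples, positions, width)
    for _ in range(max_iter):
        new_positions = [match_score(s, sig)[1] for s in samples]
        sig = build_pads(samples, new_positions, width)
        if new_positions == positions:
            break
        positions = new_positions
    return sig, positions


def make_variants(count, seed, first=0):
    """Constructed polymorphic samples: random garbage of random length on
    both sides of CORE, with two core bytes substituted per variant (variant
    i alters positions i and i+8 mod 16).  Returns samples and true offsets."""
    rng = random.Random(seed)
    samples, offsets = [], []
    for i in range(first, first + count):
        core = bytearray(CORE)
        for j in (i % WIDTH, (i + WIDTH // 2) % WIDTH):
            core[j] = rng.randrange(ALPHABET)
        prefix = bytes(rng.randrange(ALPHABET) for _ in range(rng.randint(4, 24)))
        suffix = bytes(rng.randrange(ALPHABET) for _ in range(rng.randint(4, 24)))
        samples.append(prefix + bytes(core) + suffix)
        offsets.append(len(prefix))
    return samples, offsets


def demo():
    samples, true_offsets = make_variants(8, seed=7)
    # rough initial alignment: the true offsets perturbed by up to two bytes
    shifts = [0, 0, 0, 0, 1, -1, 2, -2]
    sig, learned = em_pads(samples, WIDTH,
                           [p + d for p, d in zip(true_offsets, shifts)])
    # a ninth, previously unseen variant and a random benign payload
    unseen, unseen_true = make_variants(1, seed=11, first=8)
    unseen_score, unseen_off = match_score(unseen[0], sig)
    benign = bytes(random.Random(3).randrange(ALPHABET) for _ in range(64))
    benign_score, _ = match_score(benign, sig)
    return {
        "true_offsets": true_offsets, "learned_offsets": learned,
        "unseen_true_offset": unseen_true[0], "unseen_offset": unseen_off,
        "unseen_score": unseen_score, "benign_score": benign_score,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

`demo()` shows the two properties the slides claim: after the EM loop the learned offsets coincide with the true position of the core in every sample, and an unseen variant with two substituted bytes still scores far above a random benign payload, because the other fourteen positions carry the match. The same substitution would cut a longest-common-substring signature in half, and the per-offset sliding is also why matching costs more than a plain substring search.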

Experiments Result: False Positives and False Negatives

Experiments Result: Convergence of EM and Gibbs

Experiments Result: Matching Time

Conclusion: We propose iterative algorithms to calculate the signature from captured worm samples. Extensive experiments are performed on four worms to validate the proposed signature and its algorithms.

Comment: Matching time is longer than for traditional approaches. The variants of these worms are generated artificially with some polymorphism techniques, but not including Self-encryption, Code-transposition, and Register-reassignment. Maybe the iterative algorithms could be replaced by a Genetic Algorithm.