Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Automated Signature-Based Approach against Polymorphic Internet Worms Yong Tang; Shigang Chen; IEEE Transactions on Parallel and Distributed Systems,

Published byMaximillian Banks Modified over 9 years ago

Similar presentations

Presentation on theme: "An Automated Signature-Based Approach against Polymorphic Internet Worms Yong Tang; Shigang Chen; IEEE Transactions on Parallel and Distributed Systems,"— Presentation transcript:

1 An Automated Signature-Based Approach against Polymorphic Internet Worms Yong Tang; Shigang Chen; IEEE Transactions on Parallel and Distributed Systems, Vol. 18, No. 7, July 2007 1 Reporter: Luo Sheng-Yuan 2009/04/09

2 Outline Introduction Related Work Proposed Scheme Experiments Result Conclusion 2

3 Introduction Worms represent a major threat to the Internet. Polymorphism techniques that a worm may use to evade detection by the current defense systems. Position-Aware Distribution Signature (PADS) Compute PADS from a set of polymorphic worm samples. 3

4 Related Work Signature-based ▫ Longest Common Substrings 4 Payload 1 Payload 2

5 Related Work Anomaly-based ▫ Byte Frequency Distribution 5

6 Related Work Polymorphism Techniques ▫ Self-encryption ▫ Garbage-code Insertion ▫ Instruction-substitution ▫ Code-transposition ▫ Register-reassignment 6

7 Related Work Variants of a polymorphic worm 7

8 Proposed Scheme Position-Aware Distribution Signature (PADS) 8

9 Proposed Scheme Payload Matching against PADS 9 Payload Significant Region

10 Proposed Scheme Compute PADS from captured worm samples ▫ Expectation-Maximization Algorithm 10 Sample 1 Sample 2 Sample n Significant Region

11 Proposed Scheme Compute PADS from captured worm samples ▫ Gibbs Sampling Algorithm 11 Sample 1 Sample 2 Sample n

12 Experiments Result False Positives and False Negatives 12

13 Experiments Result Convergence of EM and Gibbs 13

14 Experiments Result Matching Time 14

15 Conclusion We propose iterative algorithms to calculate the signature from captured worm samples. Extensively experiments are performed on four worms to validate the proposed signature and its algorithms. 15

16 Comment Matching Time is bigger than traditional approaches. Artificially generate the variants of these worms based on some polymorphism techniques, but not including Self-encryption, Code-transposition, and Register-reassignment. Maybe, the iterative algorithms can replace by Genetic Algorithm. 16

Download ppt "An Automated Signature-Based Approach against Polymorphic Internet Worms Yong Tang; Shigang Chen; IEEE Transactions on Parallel and Distributed Systems,"

Similar presentations

PEBL: Web Page Classification without Negative Examples Hwanjo Yu, Jiawei Han, Kevin Chen- Chuan Chang IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING,

PEBL: Web Page Classification without Negative Examples Hwanjo Yu, Jiawei Han, Kevin Chen- Chuan Chang IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING,
Wen-Hsiao Peng Chun-Chi Chen

Wen-Hsiao Peng Chun-Chi Chen
An Introduction to the EM Algorithm Naala Brewer and Kehinde Salau.

An Introduction to the EM Algorithm Naala Brewer and Kehinde Salau.
An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.

An On-Chip IP Address Lookup Algorithm Author: Xuehong Sun and Yiqiang Q. Zhao Publisher: IEEE TRANSACTIONS ON COMPUTERS, 2005 Presenter: Yu Hao, Tseng.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
An Energy-Efficient Communication Scheme in Wireless Cable Sensor Networks Xiao Chen Neil C. Rowe epartment of Computer Science Department of Computer Science.

An Energy-Efficient Communication Scheme in Wireless Cable Sensor Networks Xiao Chen Neil C. Rowe epartment of Computer Science Department of Computer Science.
SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack 42 nd Hawaii International Conference on System Sciences, 2009. Electrical.

SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack 42 nd Hawaii International Conference on System Sciences, Electrical.
11 Packet Sampling for Worm and Botnet Detection in TCP Connections Reporter: 林佳宜 2010/10/25.

11 Packet Sampling for Worm and Botnet Detection in TCP Connections Reporter: 林佳宜 /10/25.
Krzysztof Fabjański Common string pattern searching.

Krzysztof Fabjański Common string pattern searching.
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Chih-Hsing Lin, Jia-Shiuan Tsai, and Ching-Te Chiu

Chih-Hsing Lin, Jia-Shiuan Tsai, and Ching-Te Chiu
1 Polymorphic Blending Attacks By Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov and Wenke Lee Presented by Jelena Mirkovic Topic 1.

1 Polymorphic Blending Attacks By Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov and Wenke Lee Presented by Jelena Mirkovic Topic 1.
IEEE TCSVT 2011 Wonjun Kim Chanho Jung Changick Kim

IEEE TCSVT 2011 Wonjun Kim Chanho Jung Changick Kim
 Looked at some research approaches to: o Evaluate defense effectiveness o Stop worm from spreading from a given host o Defend a circle of friends against.

 Looked at some research approaches to: o Evaluate defense effectiveness o Stop worm from spreading from a given host o Defend a circle of friends against.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Scalable IPv6 Lookup/Update Design for High-Throughput Routers Authors: Chung-Ho Chen, Chao-Hsien Hsu, Chen -Chieh Wang Presenter: Yi-Sheng, Lin ( 林意勝.

Scalable IPv6 Lookup/Update Design for High-Throughput Routers Authors: Chung-Ho Chen, Chao-Hsien Hsu, Chen -Chieh Wang Presenter: Yi-Sheng, Lin ( 林意勝.
Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.

Improved TCAM-based Pre-Filtering for Network Intrusion Detection Systems Department of Computer Science and Information Engineering National Cheng Kung.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Carnegie Mellon Exact Maximum Likelihood Estimation for Word Mixtures Yi Zhang & Jamie Callan Carnegie Mellon University Wei Xu.

Carnegie Mellon Exact Maximum Likelihood Estimation for Word Mixtures Yi Zhang & Jamie Callan Carnegie Mellon University Wei Xu.
Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)

Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)

Similar presentations

Ads by Google