Journal: IEEE Transactions on Parallel and Distributed Systems

An Automated Signature-Based Approach against Polymorphic Internet Worms


Abstract

Capable of infecting hundreds of thousands of hosts, worms represent a major threat to the Internet. However, the defense against them is still an open problem. This paper attempts to answer an important question: How can we distinguish polymorphic worms from normal background traffic? We propose a new worm signature, called the position-aware distribution signature (PADS), which fills the gap between traditional signatures and anomaly-based intrusion detection systems. The new signature is a collection of position-aware byte frequency distributions. It is more flexible than the traditional signatures of fixed strings while it is more precise than the position-unaware statistical signatures. We propose two algorithms based on Expectation-Maximization (EM) and Gibbs Sampling to efficiently compute PADS from a set of polymorphic worm samples. We also discuss how to separate a mixture of different polymorphic worms such that their respective PADS signatures can be calculated. We perform extensive experiments to demonstrate the effectiveness of PADS in separating new worm variants from normal background traffic.