Polymorphic worm detection and defense: System design, experimental methodology, and data resources

Proceedings of the 2006 SIGCOMM Workshop on Large-scale Attack Defense, LSAD'06

Volumn 2006, Issue , 2006, Pages 169-176

  Wang, Jisheng ^a   Hamadeh, Lhab ^a   Kesidis, George ^a   Miller, David J ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

Intrusion detection system; Network anomaly detection; Polymorphic worms; Worm signature extraction

Indexed keywords

INTRUSION DETECTION SYSTEM; NETWORK ANOMALY DETECTION; POLYMORPHIC WORMS; WORM SIGNATURE EXTRACTION;

CLUSTERING ALGORITHMS; COMPUTER WORMS; DATA FLOW ANALYSIS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; INTERNET; SYSTEMS ANALYSIS;

INTRUSION DETECTION;

EID: 34248403361     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1162666.1162676     Document Type: Conference Paper

References (19)

1. A. Apostolico, C. Iliopoulos, G.M. Landau, B. Schieber, and U. Vishkin. Parallel construction of a suffix tree with applications, Algorithmica, 1988.
2. J.R. Crandall, Z. Su, S.F. Wu, and F.T. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In ACM Conf. Computer and Communication Security, 2005.
3. C. Estan, S. Savage, and G. Varghese. Automatically inferring patterns of resource consumption in network traffic. In Proc. ACM SIGCOMM, 2003.
4. L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred. Statistical approaches to DDoS attack detection and response. In Proc. DARPA Info. Survivability Conf. and Expo., 2003.
5. L. Hui. Color set size problem with applications to string matching. In Proc. Symp. Comb. Pattern Matching, 1992.
6. H.A. Kim and B. Karp. Autograph: toward automated, distributed worm signature detection. In Proc. USENIX Security Symp., 2004.
7. A. Lakhina, M. Crovella, and C. Diot. Mining anomalies using traffic feature distributions. In Proc. ACM SIGCOMM, 2005.
8. G. Manku and R. Motwani. Approximate frequency counts over data streams. In Proc. Intel. Conf. Very Large Databases, 2002.
9. E.M. McCreight. A space-economical suffix tree construction algorithm. In Journal of the ACM, 23(2):262-272, 1976.
10. D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet quarantine: requirements for containing self-propagation code. In IEEE Proc. INFOCOM, 2003.
11. J. Newsome, B. Karp, and D. Song. Polygraph: automatically generating signatures for polymorphic worms, In Proc. IEEE Symp. Security and Privacy, 2005.
12. M.O. Rabin. Fingerprinting by random polynomials, Technical Report TR-15-81, Harvard University, 1981.
13. W. Scheirer and M. Chuah. The strength of syntax based approaches to dynamic network intrusion detection. In Proc. Conf. on Info. Sci. & Sys., Princeton, NJ, Mar. 2006.
14. S. Singh, C. Estan, G. Varghese, and S. Savage. Automated worm fingerprinting. In Proc. ACM/USNIX Symp. Operating System Design and Implementation, 2004.
15. Waikato Applied Network Dynamics Research Group. Auckland University data traces. http://wand.cs.waikato.ac.nz/wand/wits/.
16. J. Wang, D.J. Miller, and G. Kesidis. Efficient Mining of the Multidimensional Traffic Cluster Hierarchy for Digesting, Visualization, and Anomaly Identification. To appear in IEEE JSAC on High-Speed Network Security, 2005.
17. th IEEE Symp. Switching and Automata Theory, 1973.
18. K. Xu, Z. Zhang and S. Bhattacharyya. Profiling internet backbone traffic: behavior models and applications. In Proc. ACM SIGCOMM, 2005.
19. Y. Zhang, S. Singh, S. Sen, N. Duffield, and C. Lund. Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications. In Proc. Internet Meas. Conf., 2004.