Profiling self-propagating worms via behavioral footprinting

Proceedings of the 4th ACM Workshop on Recurring Malcode, WORM'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

Volumn , Issue , 2006, Pages 17-24

  Jiang, Xuxian ^a   Xu, Dongyan ^b  

^a George Mason University   (United States)

^b Purdue University   (United States)

Author keywords

Behavioral footprinting; Content signature; Worm profiling; Worms

Indexed keywords

BEHAVIORAL FOOTPRINTING; CONTENT SIGNATURE; WORM PROFILING;

COMPUTER WORMS; DIGITAL SIGNAL PROCESSING; SECURITY OF DATA;

BEHAVIORAL RESEARCH;

EID: 34547155109     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1179542.1179547     Document Type: Conference Paper

References (27)

1. Snort, http://www.snort.org.
2. Lion Worms, http://www.sans.org/y2k/lion.htm, 2001.
3. MSBlaster Worms. http://www.cert, org/advisories /CA-2003-20.html, 2003.
4. Sasser Worms, http://www.microsoft.com/security/incident/sasser. asp, 2004.
5. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards Automatic Generation of Vulnerability-Based Signatures. Proceedings of the 27th IEEE Symposium on Security and Privacy, May 2006.
6. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. Proceedings of ACM SOSP 2005, Oct. 2005.
7. J. R. Crandall and F. T. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. Proceedings of 87th International Symposium on Microarchitecture, Oct. 2004.
8. D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, and H. Owen. HoneyStat: Local Worm Detection Using Honeypots. Proceedings of RAID 2004, Sept. 2004.
9. R., Durbin, S. Eddy, and A. Krogh. Biological Sequence Analysis. Cambridge University Press, ISBN: 0521629713, 1998.
10. D. R. Ellis, J. G. Aiken, K. S. Attwood, and S. D. Tenaglia. A Behavioral Approach To Worm Detection. Invited talk in ACM WORM 2004, Oct. 2004.
11. A. K. Ghosh, A. Schwartzbard, and M. Schatz. Learning Program Behavior Profiles for Intrusion Detection. Proceedings of the 1999 Workshop on Intrusion Detection and Network Monitoring, Apr. 1999.
12. X. Jiang and D. Xu. Collapsar: A VM-Based Architecture for Network Attack Detention Center. Proceedings of the 13th USENIX Security Symposium, Aug. 2004.
13. X. Jiang and D. Xu. Behavioral Footprinting: a. New Dimension to Characterize Self-Propagating Worms. Department of Computer Science Technical Report CSD TR 05-027, Purdue University, Jan. 2005.
14. X. Jiang, D. Xu, H. J. Wang, and E. H. Spafford. Virtual Playgrounds for Worm Behavior Investigation. Proceedings of RAID 2005, Sept. 2005.
15. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. Proceedings of the 25th IEEE Symposium on Security and Privacy, May 2004.
16. H. A. Kim and B. Karp. Autograph: Toward Automated, Distributed Worm Signature Detection. Proceedings of the 13th Usenix Security Symposium, Aug. 2004.
17. C. Kreibich and J. Crowcroft. Honeycomb: Creating Intrusion Detection Signatures Using Honeypots. ACM SIGCOMM Computer Communication Review, Jan. 2004.
18. M. E. Locasto, J. J. Parekh, A. D. Keromytis, and S. J. Stolfo. Towards Collaborative Security and P2P Intrusion Detection. Proceedings of the 6th Annual IEEE Information Assurance Workshop, June 2005.
19. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. Proceedings of the 26th IEEE Symposium on Security and Privacy, May 2005.
20. J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. Proceedings of NDSS 2005, Feb. 2005.
21. M. Rinard, C. Cadar, D. Dumitran, D. Roy, and T. Leu. A Dynamic Technique for Eliminating Buffer Overflow Vulnerabilities (and Other Memory Errors). Proceedings of ACSAC, Dec. 2004.
22. S. Singh, C. Estan, G. Varghese, and S. Savage. Automated Worm Fingerprinting. Proceedings of the 6th ACM/USENIX Symposium on Operating Systems Design & Implementation, Dec. 2004.
23. S. Stamford and et al. The Design of GrIDS: A Graph-Based Intrusion Detection System. UCD Technical Report CSE-99-2, Jan. 1999.
24. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure Program Execution via Dynamic Information Flow Tracking. Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, Oct. 2004.
25. G. Vigna, W. Robertson, and D. Balzarotti. Testing Intrusion Detection Signatures Using Mutant Exploits. Proceedings of the 11th ACM Conference on Computer and Communication Security, Oct. 2004.
26. H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. Proceedings of ACM SIGCOMM 2004, Sept. 2004.
27. K. Wang and S. J. Stolfo. Anomalous Payload-based Network Intrusion Detection. Proceedings of RAID 2004, Sept. 2004.