Signature metrics for accurate and automated worm detection

Proceedings of the 4th ACM Workshop on Recurring Malcode, WORM'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

Volumn , Issue , 2006, Pages 65-72

  Gopalan, Prem ^a   Jamieson, Kyle ^b   Mavrommatis, Panayiotis ^b   Poletto, Massimiliano ^a  

^a Mazu Networks ^*  (United States)

^b MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Network worms; Traffic analysis; Worm signatures

Indexed keywords

NETWORK WORMS; TRAFFIC ANALYSIS; WORM SIGNATURES;

COMPUTER WORMS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; ELECTRONIC MAIL; TELECOMMUNICATION TRAFFIC;

ALGORITHMS;

EID: 34547232533     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1179542.1179557     Document Type: Conference Paper

References (22)

1. Inktomi web search faq. Technical report. http://support.inktomi.com/ Search-Engine/Product.Info/FAQ/searchfaq.html#slurp.
2. Malicious software encyclopedia: Worm:win32/zotob.a. Technical report, http://www.microsoft.com/security/incident/zotob.mspx.
3. The spread of the witty worm, caida. Technical report. http://www.caida.org/analysis/security/witty.
4. A. Broder. Some applications of Rabin's fingerprinting method. In R. Capocelli et al. eds., Sequences II: Methods in Communications, Security, and Computer Science, pages 143-152, 1993.
5. A. Broder and M. Mitzenmacher. Network applications of bloom filters: A survey. In Proceedings of the Allerton Conference, 2002.
6. Z. Chen, L. Gao, and K. Kwiat. Modeling the spread of active worms. In Proceedings of IEEE INFOCOM, 2003.
7. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: end-to-end containment of internet worms. In Proceedings of ACM SOSP, October 2005.
8. D. Ellis, J. Aiken, K. Attwood, and S. Tenaglia. A behavioral approach to worm, detection. In Proceedings of ACM WORM, Washington, DC, October 2004.
9. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. In Proceedings of IEEE Security and Privacy, Oakland, CA, May 2004.
10. H. A. Kim and B. Karp. Toward automated, distributed worm. signature detection. In Proceedings of Usenix Security, San Diego, CA, August 2004.
11. E. Kohler, R. Morris, B. Chen, J. Jannotti, and M. F. Kasshoek. The Click modular router. ACM TOCS, 18(3):263-297, August 2000.
12. C. Kreibich and J. Crowcroft. Honeycomb-creating intrusion detection signatures using honeypots. In Proceedings of ACM HotNets-II, November 2003.
13. D. Moore, C. Shannon, G. Voelker, and S. Savage. Requirements for containing self-propagating code. In Proceedings of IEEE INFOCOM, April 2003.
14. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphic worms. In Proceedings of IEEE Security and Privacy, May 2005.
15. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of NDSS 12, 2005.
16. M. Roesch. Snort: Lightweight intrusion detection for networks. In Proceedings of Usenix LISA, 1999.
17. B. Schroder. Ordered Sets - An Introduction. Birkhauser, Boston, 2003.
18. S. Singh, C. Estan, G. Varghese, and S. Savage. Automated worm fingerprinting. In Proceedings of ACM SOSP, December 2004.
19. S. Venkataraman, D. Song, P. Gibbons, and A. Blum. New streaming algorithms for fast detection of superspreaders. In Proceedings of NDSS 12, 2005.
20. N. Weaver, V. Paxson, S. Stamford, and R. Cunningham. A taxonomy of computer worms. In Proceedings of ACM WORM, 2003.
21. M. Williamson. Design, implementation and test of an email virus throttle. In Proceedings of ACSAC 19, 2003.
22. Y. Xie, V. Sekar, D. Maltz, M. Reiter, and H. Zhang. Worm origin identification using random moonwalks. In Proceedings of IEEE Security and Privacy, 2005.