A rough set approach for automatic key attributes identification of zero-day polymorphic worms

Expert Systems with Applications

Volumn 36, Issue 3 PART 1, 2009, Pages 4672-4679

  Sun, Wen Chen ^a   Chen, Yi Ming ^a  

^a NATIONAL CENTRAL UNIVERSITY   (Taiwan)

Author keywords

Polymorphic worm; Rough set theory; Zero day attack

Indexed keywords

COMPUTER CRIME; COMPUTER SYSTEM FIREWALLS; CRACK PROPAGATION; INTRUSION DETECTION;

FILTERING RULES; INTERNET HOSTS; INTRUSION DETECTION SYSTEMS; POLYMORPHIC WORMS; ROUGH SET THEORY (RST); TRUE POSITIVE RATES; WORM PROPAGATION; ZERO DAY ATTACK;

ROUGH SET THEORY;

EID: 58349117882     PISSN: 09574174     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.eswa.2008.06.037     Document Type: Article

References (32)

1. Cai M., Hwang K., Kwok Y., Song S., and Chen Y. Collaborative Internet worm containment. IEEE Security and Privacy Magazine 3 3 (2005) 25-33
2. Chen, X., & Heidemann, J. (2004). Detecting early worm propagation through packet matching. Technical report ISI-TR-2004-585, USC/Information Sciences Institute.
3. Chou H.C., Cheng C.H., and Chang J.R. Extracting drug utilization knowledge using self-organizing map and rough set theory. Expert Systems with Applications 33 2 (2007) 499-508
4. Crandall, J. R., Su, Z., & Wu, S. F. (2005). On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In Proceedings of ACM CCS.
5. Kim Y., Lau W.C., Chuah M.C., and Chao H.J. PacketScore: A statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Transactions on Dependable and Secure Computing 3 2 (2006) 141-155
6. Kruegel, C., & Kirda, E. (2005). Polymorphic worm detection using structural information of executables. In Proceedings of recent advances in intrusion detection (RAID).
7. Lee K., Kim J., Kwon K.H., Han Y., and Kim S. DDoS attack detection method using cluster analysis. Expert Systems with Applications (2007)
8. Li, Z., Sanghi, M., Chen, Y., Kao, M. Y., & Chavez, B. (2006). Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack. In Proceedings of the 2006 IEEE symposium on security and privacy (pp. 32-47).
9. Liang, Z., & Sekar, R. (2005). Fast and automated generation of attack signatures: A basis for building self-protecting servers. In Proceedings of ACM CCS.
10. Liao Y., and Vemuri R. Use of K-nearest neighbor classifier for intrusion detection. Computers and Security 21 5 (2001) 439-448
11. Mahoney, M., & Chan, P. K. (2003). An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection. In RAID (pp. 220-237).
12. Nachenberg C. Computer virus-antivirus coevolution. Communications of the ACM 40 1 (1997) 46-51
13. Newsome, J., Karp, B., & Song, D. (2005). Polygraph: Automatically generating signatures for polymorphic worms. In Proceedings of the security and privacy symposium.
14. Newsome, J., & Song, D. (2005). Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of NDSS.
15. Nojiri, D., Rowe, J., & Levitt, K. (2003). Cooperative response strategies for large scale attack mitigation. In Proceedings of the 3rd DARPA information survivability conference and exposition (DISCEX) (pp. 293-302).
16. Oorschot P.C., Robert J.M., and Martin M.V. A monitoring system for detecting repeated packets with applications to computer worms. Internet Journal of Information Security 5 3 (2006) 186-199
17. Park, K. & Lee, H. (2001). On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internet. In Proceedings of ACM SIGCOMM'01 (pp. 15-26).
18. Pawlak, Z. (1996). Why rough sets? In Proceedings of the 5th IEEE international conference on fuzzy systems, Piscataway, New Jersey, USA (Vol. 2, pp. 738-743).
19. Roesch, M. (2001). Snort: The lightweight network intrusion detection system. Accessed November 2007.
20. Russell, R. (1999). Linux iptables HOWTO. http://www.linuxguruz.com/iptables/howto. [Accessed November, 2007].
21. Shannon, C. & Moore, D. (2004). The spread of the Witty worm. Accessed November 2007.
22. Shyng J.Y., Wang F.K., Tzeng G.H., and Wu K.S. Rough set theory in analyzing the attributes of combination values for the insurance market. Expert Systems with Applications 32 1 (2007) 56-64
23. Singh, S., Estan, C., Varghese, G., & Savage, S. (2003). The earlybird system for real-time detection of unknown worms. Technical report CS-2003-0761, University of California, San Diego.
24. Staniford, S., Paxson, V., & Weaver, N. (2002). How to own the Internet in your spare time. In Proceedings of the 11th USENIX security symposium.
25. Symantec Corp. (2002). FreeBSD scalper worm. Accessed November 2007.
26. Wang F.H. On acquiring classification knowledge from noisy data based on rough set. Expert Systems with Applications 29 (2005) 49-64
27. Wang, H., Guo, C., & Simon, D., & Zugenmaier, A. (2004). Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In Proceedings of ACM SIGCOMM'04, Portland, OR.
28. Wang, W., Luo, D. S., & Zhang, J. (2006). Detect polymorphic worms based on semantic signature and data mining. In Proceedings of the first communications and networking conference, China.
29. Xin, Y., Fang, B. X., Yun, X. C., & Chen, H. Y. (2005). Worm detection in large scale network by traffic. In Sixth international conference on parallel and distributed computing applications and technologies, China (pp. 270-273).
30. Yang H.H., Liu T.C., and Lin Y.T. Applying rough sets to prevent customer complaints for IC packaging foundry. Expert Systems with Applications 32 1 (2007) 151-156
31. Zadeh L.A. Fuzzy sets. Information and Control 8 (1965) 338-353
32. Zou, C. C., Gao, L., Gong, W., & Towsley, D. (2003). Monitoring and early warning for internet worms. Technical report TR-CSE-03-01, Department of Computer Science, University of Massachusetts, Amherst.