PolyI-D: Polymorphic Worm Detection Based on Instruction Distribution

Ki Hun Lee, Yuna Kim, Sung Je Hong and Jong Kim

View Related Documents

Book Chapter
Polymorphic Worm Detection Using Structural Information of Executables
Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson and Giovanni Vigna
Lecture Notes in Computer Science, 2006, Volume 3858, Recent Advances in Intrusion Detection, Pages 207-226
- Download PDF (516.8 KB)
Journal Article
A monitoring system for detecting repeated packets with applications to computer worms
Paul C. van Oorschot, Jean-Marc Robert and Miguel Vargas Martin
International Journal of Information Security, 2006, Volume 5, Number 3, Pages 186-199
- Download PDF (407.0 KB)
Book Chapter
Virtual Playgrounds for Worm Behavior Investigation
Xuxian Jiang, Dongyan Xu, Helen J. Wang and Eugene H. Spafford
Lecture Notes in Computer Science, 2006, Volume 3858, Recent Advances in Intrusion Detection, Pages 1-21
- Download PDF (744.2 KB)
Book Chapter
Generating Simplified Regular Expression Signatures for Polymorphic Worms
Yong Tang, Xicheng Lu and Bin Xiao
Lecture Notes in Computer Science, 2007, Volume 4610, Autonomic and Trusted Computing, Pages 478-488
- Download PDF (578.7 KB)
Journal Article
vEye: behavioral footprinting for self-propagating worm detection and profiling
Xuxian Jiang and Xingquan Zhu
Knowledge and Information Systems, 2009, Volume 18, Number 2, Pages 231-262
- Download PDF (1,003.5 KB)
Book Chapter
Anomalous Payload-Based Worm Detection and Signature Generation
Ke Wang, Gabriela Cretu and Salvatore J. Stolfo
Lecture Notes in Computer Science, 2006, Volume 3858, Recent Advances in Intrusion Detection, Pages 227-246
- Download PDF (305.7 KB)
Book Chapter
Detecting Self-mutating Malware Using Control-Flow Graph Matching
Danilo Bruschi, Lorenzo Martignoni and Mattia Monga
Lecture Notes in Computer Science, 2006, Volume 4064, Detection of Intrusions and Malware & Vulnerability Assessment, Pages 129-143
- Download PDF (471.8 KB)
Journal Article
On the infeasibility of modeling polymorphic shellcode
Re-thinking the role of learning in intrusion detection systems
Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis and Salvatore J. Stolfo
Machine Learning, 2010, Volume 81, Number 2, Pages 179-205
- Download PDF (1.3 MB)
Book Chapter
Allergy Attack Against Automatic Signature Generation
Simon P. Chung and Aloysius K. Mok
Lecture Notes in Computer Science, 2006, Volume 4219, Recent Advances in Intrusion Detection, Pages 61-80
- Download PDF (477.3 KB)
Book Chapter
A Practical Approach for Detecting Executable Codes in Network Traffic
Ikkyun Kim, Koohong Kang, YangSeo Choi, Daewon Kim and Jintae Oh, et al.
Lecture Notes in Computer Science, 2007, Volume 4773, Managing Next Generation Networks and Services, Pages 354-363
- Download PDF (659.4 KB)

Abstract

With lack of diversity in platforms and softwares running in Internet-attached hosts, Internet worms can spread all over the world in just a few minutes. Many researchers suggest the signature-based Network Intrusion Detection System(NIDS) to defend the network against it. However, the polymorphic worm evolved from the traditional Internet worm was devised to evade signature-based detection schemes, which actually makes NIDS useless. Some schemes are proposed for detecting it, but they have some shortcomings such as belated detection and huge overhead.

In this paper, we propose a new system, called PolyI-D, that detects the polymorphic worm through some tests based on instruction distribution in real-time with little overhead. This is particularly suitable even for fast spread and continuously mutated worms.

This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment).

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

PolyI-D: Polymorphic Worm Detection Based on Instruction Distribution

View Related Documents

Abstract

Fulltext Preview