
An Automated Signature Generation Approach for Polymorphic Worm Based on Color Coding

An Automated Signature Generation Approach for Polymorphic Worm Based on Color Coding. Jie Wang; Jianxin Wang; Jianer Chen; Xi Zhang; IEEE International Conference on Communications, 2009. ICC '09. Reporter: Luo Sheng-Yuan 2009/11/12. Outline. Introduction Related Work Proposed Scheme


Presentation Transcript


  1. An Automated Signature Generation Approach for Polymorphic Worm Based on Color Coding Jie Wang; Jianxin Wang; Jianer Chen; Xi Zhang; IEEE International Conference on Communications, 2009. ICC '09. Reporter: Luo Sheng-Yuan 2009/11/12

  2. Outline • Introduction • Related Work • Proposed Scheme • Experimental Results • Conclusion

  3. Introduction • Previous approaches can generate signatures for worms when there is no noise, but they all have trouble generating worm signatures in the presence of noise.

  4. Related Work • Polygraph’s Scheme • Token Signature

  5. Related Work • Polygraph’s Scheme • Token-subsequence Signature: consists of an ordered list of tokens • Conjunction Signature: consists of an unordered set of tokens • Bayes Signature: consists of a set of tokens, each associated with a score

  6. Proposed Scheme • Color Coding • 5 items, 4 colors • There must be 2 items with the same color.

  7. Proposed Scheme • CCSF (Color Coding Signature Finding) • Divides n sequences into m groups and each group contains 20 sequences. [Figure: the suspicious pool of n sequences divided into groups of 20]

  8. Proposed Scheme • CCSF • Color Coding

  9. Proposed Scheme • CCSF • Extracts Common Substrings (Tokens) [Figure: Sequence 1, Sequence 2, ..., Sequence k, each containing the common substrings "Hello" and "World" among differing characters; labels "1 scan" and "2 scan"]

  10. Experimental Results • Signature generation with some noise sequences. • Correct Signature

  11. Experimental Results • Signature generation with some noise sequences. • Accurate Signature

  12. Conclusion • CCSF is able to generate signatures automatically for polymorphic worms in environments with noise. • In this paper, CCSF considers only one worm type per suspicious flow pool.
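
The following is an added example, not code from the paper or the slides: it extracts common substrings (tokens) from a suspicious pool as on slide 9 and matches the three Polygraph signature types from slide 5. The pool contents, function names, the `min_count` parameter, and the Bayes scores and threshold are assumptions made for illustration; CCSF's color coding step is not implemented here.

```python
from collections import Counter

# Constructed suspicious pool: three variants sharing "Hello"/"World" plus two noise flows.
POOL = [b"aaHelloqzWorldk", b"HelloxxhWorldru", b"zHellotWorldh9",
        b"benign request", b"unrelated noise"]

def extract_tokens(pool, min_len=3, min_count=None):
    """Maximal substrings (len >= min_len) present in at least min_count flows."""
    min_count = len(pool) if min_count is None else min_count
    seen = Counter()
    for flow in pool:
        # A set, so each flow contributes at most once per substring.
        seen.update({flow[i:j] for i in range(len(flow))
                     for j in range(i + min_len, len(flow) + 1)})
    frequent = [s for s, c in seen.items() if c >= min_count]
    # Drop tokens that are contained in a longer frequent token.
    return sorted(t for t in frequent
                  if not any(t != u and t in u for u in frequent))

def order_tokens(tokens, pool):
    """Order tokens as they occur in the first flow that contains all of them."""
    for flow in pool:
        if all(t in flow for t in tokens):
            return sorted(tokens, key=flow.find)
    return list(tokens)

def match_conjunction(tokens, flow):
    """Unordered set: every token must be present somewhere in the flow."""
    return all(t in flow for t in tokens)

def match_subsequence(tokens, flow):
    """Ordered list: tokens must appear in order, without overlapping."""
    pos = 0
    for t in tokens:
        pos = flow.find(t, pos)
        if pos < 0:
            return False
        pos += len(t)
    return True

def match_bayes(scores, flow, threshold):
    """Scored tokens: sum the scores of the tokens present, compare to threshold."""
    return sum(s for t, s in scores.items() if t in flow) >= threshold

if __name__ == "__main__":
    tokens = order_tokens(extract_tokens(POOL, min_count=3), POOL)
    print(tokens, extract_tokens(POOL))  # requiring every flow to match yields no tokens
    print(match_conjunction(tokens, b"World..Hello"),
          match_subsequence(tokens, b"World..Hello"))
```

Requiring a token to appear in every flow returns nothing once noise flows are in the pool, which is the failure slide 3 describes; lowering `min_count` recovers the tokens only because the worm flows still outnumber any accidental overlap.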
