Research Article
A New Attempt to Detect Polymorphic Worms Based on Semantic Signature and Data-Mining
@INPROCEEDINGS{10.1109/CHINACOM.2006.344872, author={Wei Wang and Dai-sheng Luo and Zhaobiao Lu}, title={A New Attempt to Detect Polymorphic Worms Based on Semantic Signature and Data-Mining}, proceedings={1st International ICST Conference on Communications and Networking in China}, publisher={IEEE}, proceedings_a={CHINACOM}, year={2007}, month={4}, keywords={}, doi={10.1109/CHINACOM.2006.344872} }
- Wei Wang
Dai-sheng Luo
Zhaobiao Lu
Year: 2007
A New Attempt to Detect Polymorphic Worms Based on Semantic Signature and Data-Mining
CHINACOM
IEEE
DOI: 10.1109/CHINACOM.2006.344872
Abstract
In recent years, Internet worms increasingly threaten the Internet hosts and service and polymorphic worms can evade signature-based intrusion detection systems. In this paper, we propose new methods to detect polymorphic worms based on semantic signature and data-mining. Our main contributions of this work are as follows: (1) we propose a worm attack model - the OSJUMP model. (2) Based on the attack model, we analyze the feature of polymorphic worms and the feature of perfect ones. (3) We propose methods to detect worms by recognizing the JUMP address based on data-mining such as Bayes and ANN. We evaluate some famous worm and polymorphic ones generated from them, the results show that the false negative and performance improved a lot compared to signature-based IDSes.