Abstract
As modern worms spread quickly; any countermeasure based on human reaction is barely fast enough to thwart the threat. Moreover, because polymorphic worms could generate mutated instances, they are more complex than non-mutating ones. Currently, the content-based signature generation of polymorphic worms is a challenge for network security. Several signature classes have been proposed for polymorphic worms. Although previously proposed schemes consider patterns such as 1-byte invariants and distance restrictions, they could not handle neither large payloads nor the big size pool of worm instances. Moreover, they are prone to noise injection attack. We proposed a method to combine two approaches of creating a polymorphic worm signature in a new way that avoid the limitation of both approaches. The proposedsignature generation scheme is based on token extraction and multiple sequence alignment, widely used in Bioinformatics. This approach provides speed, accuracy, and flexibility in terms of noise tolerance. The evaluations demonstrate these claims.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
