An Automated Signature-Based Approach against Polymorphic Internet Worms - PowerPoint PPT Presentation

1
An Automated Signature-Based Approach against
Polymorphic Internet Worms
  • Yong Tang, Shigang Chen
  • IEEE Transactions on Parallel and Distributed
    Systems, Vol. 18, No. 7, July 2007

Reporter: Luo Sheng-Yuan, 2009/04/09
2
Outline
  • Introduction
  • Related Work
  • Proposed Scheme
  • Experimental Results
  • Conclusion

3
Introduction
  • Worms represent a major threat to the Internet.
  • Polymorphism techniques a worm may use to evade
    detection by current defense systems.
  • Position-Aware Distribution Signature (PADS)
  • Compute PADS from a set of polymorphic worm
    samples.

4
Related Work
  • Signature-based
  • Longest Common Substrings

[Figure: Payload 1 / Payload 2]
5
Related Work
  • Anomaly-based
  • Byte Frequency Distribution
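To make the two baselines on slides 4 and 5 concrete, here is an added Python example written for this page (mine, not code from the paper or this talk). It computes the longest common substring of two payloads by dynamic programming, the kind of contiguous signature slide 4 refers to, and a 256-bin byte-frequency distribution of the kind anomaly detectors compare against a normal profile. The payload bytes are constructed for the illustration: a fourteen-byte invariant region (0xC0..0xCD) wrapped in different filler bytes, plus a third variant in which one byte inside the region is rewritten; all names are my own.

```python
"""Two baseline signatures from the related-work slides (added example):
a longest-common-substring signature and a byte-frequency profile."""

# Constructed payloads: a 14-byte invariant region wrapped in different
# filler bytes; VARIANT_C additionally rewrites one byte inside the region.
REGION = bytes(range(0xC0, 0xCE))
VARIANT_A = b"\x01\x02\x03" + REGION + b"\x04\x05"
VARIANT_B = b"\x10\x11\x12\x13\x14\x15" + REGION + b"\x16"
VARIANT_C = b"\x20\x21" + REGION[:5] + b"\x33" + REGION[6:] + b"\x22\x23\x24"


def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Classic O(len(a)*len(b)) dynamic programme over bytes: cur[j] is the
    length of the common suffix of a[:i] and b[:j]; only the previous row
    is kept in memory."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def lcs_signature_matches(signature: bytes, payload: bytes) -> bool:
    """A contiguous signature fires only if it appears verbatim."""
    return signature in payload


def byte_frequency(payload: bytes) -> list:
    """256-bin relative byte frequency. Positions are ignored on purpose,
    which is what makes the profile blind to byte reordering."""
    counts = [0] * 256
    for byte in payload:
        counts[byte] += 1
    return [c / len(payload) for c in counts]


def bfd_distance(p: list, q: list) -> float:
    """Manhattan distance between two frequency profiles (0.0 = identical)."""
    return sum(abs(x - y) for x, y in zip(p, q))
```

`longest_common_substring(VARIANT_A, VARIANT_B)` returns the whole invariant region, but that signature no longer matches `VARIANT_C`, and the LCS of A and C shrinks to the eight bytes after the substituted one: a single rewritten byte halves a contiguous signature. The frequency profile has the opposite weakness: a payload and the same payload reversed have identical profiles, so the distance between them is exactly zero.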

6
Related Work
  • Polymorphism Techniques
  • Self-encryption
  • Garbage-code Insertion
  • Instruction-substitution
  • Code-transposition
  • Register-reassignment

7
Related Work
  • Variants of a polymorphic worm

8
Proposed Scheme
  • Position-Aware Distribution Signature (PADS)

9
Proposed Scheme
  • Payload Matching against PADS

[Figure: Payload / Significant Region]
10
Proposed Scheme
  • Compute PADS from captured worm samples
  • Expectation-Maximization Algorithm

[Figure: Significant Region across Sample 1, Sample 2, ..., Sample n]
11
Proposed Scheme
  • Compute PADS from captured worm samples
  • Gibbs Sampling Algorithm

[Figure: Sample 1, Sample 2, ..., Sample n]
12
Experimental Results
  • False Positives and False Negatives

13
Experimental Results
  • Convergence of EM and Gibbs

14
Experimental Results
  • Matching Time

15
Conclusion
  • We propose iterative algorithms to calculate the
    signature from captured worm samples.
  • Extensive experiments are performed on four
    worms to validate the proposed signature and its
    algorithms.

16
Comment
  • Matching time is larger than for traditional
    approaches.
  • The variants of these worms are generated
    artificially with some polymorphism techniques,
    but not Self-encryption, Code-transposition, or
    Register-reassignment.
  • Perhaps the iterative algorithms could be
    replaced by a genetic algorithm.