An automated signature generation approach for polymorphic worm based on color coding

Jie Wang; Jianxin Wang; Jianer Chen; Xi Zhang;

IEEE International Conference on Communications, 2009. ICC '09.

Reporter: Luo Sheng-Yuan 2009/11/12


Outline

  • Introduction

  • Related Work

  • Proposed Scheme

  • Experiments Result

  • Conclusion


Introduction

  • Previous approaches can generate worm signatures when there is no noise, but they all have trouble generating worm signatures in the presence of noise.


Related Work

  • Polygraph’s Scheme

    • Token Signature


Related Work

  • Polygraph’s Scheme

    • Token-subsequence Signature

      • consists of ordered list of tokens

    • Conjunction Signature

      • consists of an unordered set of tokens

    • Bayes Signature

      • consists of a set of tokens, each token is associated with a score
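
The three Polygraph signature classes listed above differ in how a payload is tested against them. The following matcher is an added example, not code from the slides or the paper; the tokens, scores, threshold and payloads are constructed, and the `>=` threshold rule for the Bayes class is an assumption of this sketch.

```python
# Added illustration: matching a payload against the three signature classes.
# All tokens, scores, the threshold and the payloads are constructed samples.

def match_conjunction(payload: bytes, tokens) -> bool:
    """Conjunction signature: unordered set, every token must be present."""
    return all(tok in payload for tok in tokens)

def match_token_subsequence(payload: bytes, tokens) -> bool:
    """Token-subsequence signature: tokens must appear in the listed order."""
    pos = 0
    for tok in tokens:
        idx = payload.find(tok, pos)   # leftmost match after the previous token
        if idx < 0:
            return False
        pos = idx + len(tok)           # next token must start after this one
    return True

def bayes_score(payload: bytes, scored_tokens) -> float:
    """Bayes signature: sum the scores of the tokens that are present."""
    return sum(score for tok, score in scored_tokens.items() if tok in payload)

def match_bayes(payload: bytes, scored_tokens, threshold: float) -> bool:
    # Assumption of this example: a flow matches when score >= threshold.
    return bayes_score(payload, scored_tokens) >= threshold

TOKENS = [b"Hello", b"World"]                 # constructed token list
SCORES = {b"Hello": 3.0, b"World": 1.0}       # constructed per-token scores
THRESHOLD = 3.0                               # constructed threshold

def classify(payload: bytes) -> dict:
    """Return the verdict of each signature class for one payload."""
    return {
        "conjunction": match_conjunction(payload, TOKENS),
        "token_subsequence": match_token_subsequence(payload, TOKENS),
        "bayes": match_bayes(payload, SCORES, THRESHOLD),
    }

if __name__ == "__main__":
    samples = [b"HellotWorldh",   # both tokens, in order, with filler bytes
               b"WorldxxHello",   # both tokens, reversed order
               b"HelloThere",     # only the high-scoring token
               b"WorldOnly"]      # only the low-scoring token
    for s in samples:
        print(s, classify(s))
```

Reordered tokens still satisfy the conjunction signature but not the token-subsequence one, and the Bayes signature can match on a single high-scoring token where the other two require every token.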


Proposed Scheme

  • Color Coding

    • 5 items, 4 colors

    • There must be 2 items with the same color.


Proposed Scheme

  • CCSF (Color Coding Signature Finding)

    • Divides the n sequences into m groups, each containing 20 sequences.

[Figure: the suspicious pool (n sequences) divided into groups of 20 sequences each]


Proposed Scheme

  • CCSF

    • Color Coding


Proposed Scheme

  • CCSF

    • Extracts Common Substrings (Tokens)

[Figure: sequences scanned character by character, with passes labelled "1 scan" and "2 scan"]

Sequence 1: HelloWorld

Sequence 2: HellohWorldru

Sequence k: HellotWorldh


Experiments Result

  • Signature generation with some noise sequences.

    • Correct Signature


Experiments Result

  • Signature generation with some noise sequences.

    • Accurate Signature


Conclusion

  • CCSF is able to generate signatures automatically for polymorphic worms in environments with noise.

  • In this paper, CCSF considers only one worm type per suspicious flow pool.

