Journal: International Journal of Grid and Distributed Computing
Print ISSN: 2005-4262
Year: 2013
Volume: 6
Issue: 4
Publisher: SERSC
Abstract: With the growing sophistication of computer worms, it is very important to detect and prevent worms quickly and accurately in the early phase of infection. Traditional signature-based IDS, though effective against known attacks, fail to handle zero-day attacks promptly. Recent work on polymorphic worms does not guarantee an accurate signature in the presence of noise in the suspicious flow samples. In this paper we propose PolyS, an improved version of Hamsa, a network-based automated signature generation scheme to thwart zero-day polymorphic worms. We contribute a novel architecture that reduces the noise in the suspicious traffic pool, thus enhancing the accuracy of the worm signature. We also propose a signature generation algorithm that successfully matches polymorphic worm payloads with higher speed and memory efficiency. Analysis shows that our system is fast, accurate, attack-resilient and capable of generating quality signatures with low false positive and false negative rates.