Novel approach based on neighborhood relation signature against polymorphic internet worms

WANG Jie1; WANG Jian-xin1; LIU Xu-chong2

Tongxin xuebao (Jan 2011)

Novel approach based on neighborhood relation signature against polymorphic internet worms

WANG Jie1,
WANG Jian-xin1,
LIU Xu-chong2

Affiliations

WANG Jie1
WANG Jian-xin1
LIU Xu-chong2

Journal volume & issue: Vol. 32
pp. 150 – 158

Abstract

Read online

A class of neighborhood-relation signatures（NRS） was proposed based on neighborhood relationship between worm bytes.Because NRS embodies common characteristics of different morph of some polymorphic worms,Different patterns of polymorphic worms efficiently were detected.NRS generating algorithm（NRSGA） was designed to generate three types of signatures: 1-NRS,2-NRS and（1,2）-NRS.Some experiments were performed to demonstrate the correct-ness of the process of signatures generation and the effectiveness of NRS.Experiment results show that our approach has lower false negative ratio in detecting worms,and is effective to prevent polymorphic worms from propagating.

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords