Article code: 425125
Journal code: 685689
Publication year: 2016
English article: 11 pages, PDF
Full-text version: free download
English title of the ISI article
Investigations of automatic methods for detecting the polymorphic worms signatures
Title (translated from Persian)
A study of automatic methods for identifying the signatures of polymorphic worms
Keywords
Polymorphic worms; Simplified regular expression; Autograph; Polygraph; Software security; Software engineering
Related subjects
Engineering and Basic Sciences; Computer Engineering; Computational Theory and Mathematics
English abstract


• An Enhanced Contiguous Substring Rewarded (ECSR) algorithm is developed.
• The signature can produce a loss of vital information such as ignoring one byte token.
• The SRE needs to be updated and accurate when compared with autograph and polygraph methods.

This paper investigates the current automatic methods used to generate efficient and accurate signatures to create countermeasures against attacks by polymorphic worms. These strategies include autograph, polygraph and Simplified Regular Expression (SRE). They rely on network-based signature detection and on filtering the content of network traffic, as the signatures generated by these methods can be read by intrusion prevention systems and firewalls. In this paper, we also present the architecture and evaluation of each method, and the implementation used as patterns by the SRE mechanism to extract accurate signatures. This implementation was accomplished through use of the Needleman–Wunsch algorithm, which was inadequate to manage the invariant parts and distance restrictions of the polymorphic worm. Consequently, an Enhanced Contiguous Substring Rewarded (ECSR) algorithm is developed to improve the result extraction from the Needleman–Wunsch algorithm and generate accurate signatures. The signature generation by SRE is found to be more accurate and efficient as it preserves all the important features of polymorphic worms. The evaluation results show that signatures containing conjunctions of tokens or token subsequences can produce a loss of vital information, such as ignoring one-byte tokens or neglecting the distance restrictions. Furthermore, the Simplified Regular Expression needs to be updated and accurate when compared with autograph and polygraph methods.

Publisher
Database: Elsevier - ScienceDirect
Journal: Future Generation Computer Systems - Volume 60, July 2016, Pages 67–77