Honeycyber: Automated Signature Generation for Zero-Day Polymorphic Worms

Executive Summary

Signature-based Intrusion Detection Systems (IDSs) can be evaded by polymorphic worms which vary their payloads in every infection attempt. In this paper, the authors propose Honeycyber, a system for automated signature generation for zero-day polymorphic worms. They have designed a novel double-honeynet system, which is able to automatically detect new worms and isolate the attack traffic from innocuous traffic. They introduce unlimited honeynet outbound connections, which allow one to capture different payloads in every infection of the same worm. The system is able to generate signatures to match most polymorphic worm instances with low false positives and low false negatives.
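As an added example that is not from the paper (the summary above does not state Honeycyber's actual signature algorithm), the following Python sketch shows why capturing several infection attempts of the same worm matters: only the bytes shared by every captured instance survive as the signature, while the per-instance re-encrypted body drops out. The exploit request prefix, decoder-stub bytes, body bytes and benign request are all constructed here for illustration.

```python
# Added illustration, not Honeycyber's own algorithm: a polymorphic worm keeps
# some bytes invariant (exploit header, decoder stub, protocol framing) while
# the encrypted body changes per infection; keep only what all instances share.

HEAD = b"GET /cgi-bin/a.cgi?x="          # constructed exploit request prefix
STUB = b"\xeb\x10\x5e\x31\xc9"           # constructed constant decoder bytes
TAIL = b" HTTP/1.1\r\n"
# Constructed "shellcode" bytes; each instance XORs them with a fresh key.
PLAIN = b"\x8f\x02\xd7\x41\x3a\xc6\x79\xe5\x1c\x90\x2b\xf4\x68\xad\x05\x5e"

def constructed_variant(key):
    """One infection attempt: invariant framing around a body re-keyed per instance."""
    body = bytes(b ^ key for b in PLAIN)
    return HEAD + body + STUB + bytes([key]) + TAIL

def common_substrings(payloads, min_len=4):
    """Maximal substrings of at least min_len bytes present in every payload."""
    base = min(payloads, key=len)
    others = [p for p in payloads if p != base]
    found = []
    for length in range(len(base), min_len - 1, -1):      # longest first
        for i in range(len(base) - length + 1):
            sub = base[i:i + length]
            if any(sub in tok for tok in found):            # covered by a longer token
                continue
            if all(sub in other for other in others):
                found.append(sub)
    return found

def generate_signature(payloads, min_len=4):
    """Signature = invariant tokens ordered as they appear in the shortest sample."""
    base = min(payloads, key=len)
    return sorted(common_substrings(payloads, min_len), key=base.find)

def matches(signature, data):
    """True if every token occurs in data, in signature order."""
    pos = 0
    for tok in signature:
        idx = data.find(tok, pos)
        if idx < 0:
            return False
        pos = idx + len(tok)
    return True

# Three captured instances (what a double honeynet would collect), a fourth
# unseen instance, and a benign request to the same CGI path.
CAPTURED = [constructed_variant(k) for k in (0x5a, 0xa5, 0x3c)]
SIGNATURE = generate_signature(CAPTURED)        # [HEAD, STUB, TAIL]
UNSEEN = constructed_variant(0x77)
BENIGN = b"GET /cgi-bin/a.cgi?x=hello HTTP/1.1\r\n"
```

With a single captured instance the whole payload, body included, would be the "signature" and would match nothing else; the benign request shares HEAD and TAIL but lacks the decoder stub, so it does not match.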

