Generating Simplified Regular Expression Signatures for Polymorphic Worms

Download Now
Provided by: Springer Healthcare
Topic: Security
Format: PDF
It is crucial to automatically generate accurate and effective signatures to defense against polymorphic worms. Previous paper using conjunctions of tokens or token subsequence could lose some important information, like ignoring 1 byte token and neglecting the distances in the sequential tokens. In this paper the authors propose the Simplified Regular Expression (SRE) signature, and present its signature generation method based on the multiple sequence alignment algorithm. The multiple sequence alignment algorithm is extended from the pair-wise sequence alignment algorithm, which encourages the contiguous substring extraction and is able to support wildcard string alignment and to preserve the distance of invariant content segment in generated SRE signatures.
Download Now

Find By Topic