Science & Engineering Research Support soCiety (SERSC)
With the growing sophistication of computer worms, it is very important to detect and prevent worms quickly and accurately in the early phase of infection. Traditional signature-based IDS, though effective for known attacks, fails to handle zero-day attacks promptly. Recent papers on polymorphic worms do not guarantee accurate signatures in the presence of noise in suspicious flow samples. In this paper, the authors propose PolyS, an improved version of Hamsa, a network-based automated signature generation scheme to thwart zero-day polymorphic worms.