PolyS: Network-based Signature Generation for Zero-day Polymorphic Worms

Provided by: Science & Engineering Research Support soCiety (SERSC)
Topic: Security
Format: PDF
With the growing sophistication of computer worms, it is very important to detect and prevent worms quickly and accurately in their early phase of infection. Traditional signature-based IDS, though effective for known attacks, has failed to handle zero-day attacks promptly. Recent papers on polymorphic worms do not guarantee accurate signatures in the presence of noise in suspicious flow samples. In this paper, the authors propose PolyS, an improved version of Hamsa, a network-based automated signature generation scheme to thwart zero-day polymorphic worms.
