Signature Tree Generation for Polymorphic Worms

Download Now
Provided by: Institute of Electrical & Electronic Engineers
Topic: Security
Format: PDF
Network-based Signature Generation (NSG) has been proposed as a way to automatically and quickly generate accurate signatures for worms, especially polymorphic worms. In this paper, the authors propose a new NSG system - PolyTree, to defend against polymorphic worms. They observe that signatures from worms and their variants are relevant and a tree structure can properly reflect their familial resemblance. Hence, in contrast to an isolated view of generated signatures in previous papers, PolyTree organizes signatures extracted from worm samples into a tree structure, called signature tree, based on the formally defined \"More specific\" relation of simplified regular expression signatures.
Download Now

Find By Topic